New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Help Me With my SSH Logins. (please)
bamboo4409
Member
in Help
hope everyone is doing well.
I have been struggling managing my cloud servers.
I currently pay for BITWARDEN for my passwords. its pretty sweet. but key management has been trash.
its just not convenient having these PPK things laying around.
Is there a way to configure a Ubuntu/Debian install to just prompt for a yubikey for authentication instead? i hate passwords. they're trash. I usually use the pw of "jeffissexy6969" but its been leaked everywhere on the dark web.
any help would be appreciated, thank you comrades.
Comments
Just add another 69 and you're golden.
I'm not sure how to say it but... your password is horrible. Get something that actually contains uppercase, lowercase, numbers and special characters. No dictionary words/sentences, no sticking numbers only to the end.
My password is o7j7k3w5 .
I didn't make up this password myself.
It's the password of the computer club computer at my high school, set by the club president.
When I started registering my own Internet accounts, I simply reused this password.
For my servers, there's no password.
I put in my public key and disable password authentication.
The corresponding private key is simply a file, copied to each of my laptops and desktops.
The passphrase of the private key is o7j7k3w5, as stated above.
and now we know
Back in the good ole days, my ISP used to print an actual card with a random username and password for DSL access. For some weird reason, although the password was somewhat hard, I still remember it after all these years. I didn't have to key it in every day either, it just went into the modem's config once. It had everything a good password needed minus special characters. It was the "most secure" during those days /s
To OP, do exactly what yoursunny does, as that's what I do too. SSH keys, passphrase, after you copy the key to the server disable password login.
I wrote a tutorial on adding Google Authenticator for SSH logins. I haven't tried having only GA but I think maybe it would work.
https://lowendbox.com/blog/using-google-authenticator-for-ssh-and-console-connections-to-your-vps/
You could try removing this line:
Needless to say, I'd test it first with a local VM or a VM you can easily reimage.
maybe you'd like duo, 2fa to your phone or using yubikey.
https://duo.com/docs/loginduo
Can we meet Jeff?
https://github.com/drduh/YubiKey-Guide?tab=readme-ov-file#ssh
Additionally you want to use CygwinTerminal and install the password package. This will help generate passwords at random for all your SSH logins.
It doesn't. Tried it today on a spare node.
I did create a SuperUser Q on this:
https://superuser.com/questions/1827730/possible-to-disable-password-authentication-and-only-use-google-authenticator-fo
I have been using ssh keys instead of plaintext passwords over ssh. Why not use them? you can even add passphrase for extra security
Be careful with Google Auth and other pam modules for ssh and test your configuration thoroughly.
It's easy to make configuration mistakes that make it possible to log in without any password or other authentication.