6

Secure SSH - Passwordless logins more secure? [migrated]

view full story
linux-howto

http://serverfault.com – We had a long discussion if Key-based authentication with SSH (particularly OpenSSH) is more secure than with passwords. My co-workers always connect to servers with passwords; while I prefer to log in to a system without entering the password every time. They have fear that it is not secure to connect without a password. What should I tell them? For me, passwords are bad because they could be brute-forced or captured with a keylogger. I used the ssh-copy-id tool to copy my public key to the server. I simply connect via a ssh servername. In fact, I only have to enter the password for my priv (HowTos)

u85500's picture
Submitted by u85500 on 12/19/2011 – Made popular on 12/19/2011

Stories similar to Secure SSH - Passwordless logins more secure? [migrated]

To make sure your password is secure and valid, follow the guidelines in the table below. Required Action

I'm running a PPTP server on a ubuntu VPS, which has around 20 users . currently we use passwords like this "bi9_Knh78A#" . is this considered safe ? What's the best method to choose passwords ? How secure is PPTP VPN when passwords are very strong ? any tip to increase security ?

Hi, I downloaded a keyboard app with the idea that I want to be able to add shortcuts to input my passwords by entering a keyword like "pw' or "pw2". I use fairly long passwords and this feature would be of great use.

My problem is that when selecting the input box for a password, the suggestions don't come up above the keyboard. It works fine in a regular input box.

I'm using pfSense 2.0 and have an IPsec VPN configured (which uses the Raccoon IPsec daemon).

I'm connecting to the VPN using my iPhone (iOS 5).

However, the iPhone doesn't allowing saving of XAuth username and passwords.

How secure is it to remove XAuth authentication (ie. blank password) and only use RSA certificate authentication?

Can you remember all the passwords, especially where you’ve one foreign key, one number, one alphabet and has minimum of 8 characters? Or do you have one password for all the sites? Can you still remember all of them when you’re forced to change password every 1 or 3 months and you can’t use the same password that you’ve used in last 10 times?

How To Secure Your Ubuntu 10.10 Desktop With LinOTP 2

This howto will guide you to set up a LinOTP standalone one time password authentication backend on your Linux machine. This enables you to add two factor authentication with one time passwords to your desktop login. LinOTP is a modular OTP (one time password) solution, that supports many different OTP tokens.

Password Tools 32 weeks 4 days ago

Create secure passwords with the help of a password generator and check for quality at the same time.

Can someone tell me where the password policy control is?

There seems to be two places to change passwords:

from user>system settings>user accounts>click password field and activities>applications>other>users and groups>user.properties

In the 'user accounts' option, the screen prompts with secure passwords - if the password is weak, it won't allow the password at all

The passwords of the future could become more secure and, at the same time, simpler to use. Researchers at the Max Planck Institute for the Physics of Complex Systems in Dresden have been inspired by the physics of critical phenomena in their attempts to significantly improve password protection. The researchers split a password into two [...]