SSH Keys Authentication

This cluster advocates SSH key-based authentication over passwords for secure server access and discusses best practices such as key management, passphrases, hardware tokens, and SSH CAs, as well as alternatives to mitigate risks.

📉 Falling 0.4x · Security
Comments: 3,314
Years Active: 19
Top Authors: 5
Topic ID: #2068

Activity Over Time

2008: 7
2009: 23
2010: 76
2011: 117
2012: 161
2013: 246
2014: 144
2015: 213
2016: 299
2017: 164
2018: 159
2019: 176
2020: 245
2021: 223
2022: 324
2023: 278
2024: 243
2025: 202
2026: 14

Keywords

e.g SSH PKI RSA IMO HN U2F VPS i.e FunnyGame ssh ssh keys keys password key auth passwords access private key remote

Sample Comments

cuckcuckspruce Dec 8, 2017

Yet another reason to only use SSH keys.

m4jor Aug 29, 2022

This is why you should only be using SSH keys instead of a user/pw.

uncoder0 Oct 26, 2013

If you are using passwords for auth with SSH you have already lost.

Demiurge Aug 28, 2024

Generally speaking, you’re right, but I have servers I want to be able to access from anywhere, because I support some app running on them. Until 1password agent setup, having keys only and password disabled was too difficult, and yet, also unnecessary. Zero day ssh bug? I’m not NSA, how often does this happen to random servers?? Again, never have been hacked in more than 20 years. Still support some servers with ~6 year uptime.

Schnitz Oct 6, 2023

I use it with ssh and password auth disabled, is there a reason not to? Might be overkill but the host is in my home so physical access if I ever get locked out is not an issue.

gregjor Feb 9, 2013

Using ssh keys instead of passwords protects your server regardless of how seldom you access the server from your Nexus 7. If you are connecting to publicly-accessible servers over ssh anyone else can connect to it as well and try to hack your username and password.

420codebro Feb 26, 2021

SSH keys should not be stored on a locally accessible file system. Hardware tokens or you are gonna get them swiped someday.

jeroenhd Jan 28, 2023

"Just magically logging in" is more of a nice side-effect than the intended purpose, in my opinion. SSH keys allow you to let multiple people log into a server without needing to set up complicated user accounts and without sharing a password that quickly becomes difficult to change. You can have the best of both worlds by storing the key itself in a place that's not readable by many programs. TPMs and other such tech can store a key securely without risk of FunnyGame.app sendin

lvh Aug 4, 2018

Don't do this. Get an SSH CA and temporary credentials, and make your authentication to that SSH CA actually good (e.g. SAML with mandatory U2F).

rbc May 2, 2015

With ssh, you still have to trust the originating endpoint. Even if you encrypt the local ssh private key, you still have to decrypt it by typing in the password that you encrypted it with. That opens the door for a key-logger to capture the password, providing an opportunity for persistent access to the remote host. I think that one-time passwords can be a useful adjunct authentication method, even when using ssh. When you can trust both local and remote host, I think key pairs are just fine.