
Passwords are so 1997

Jacob Elder — 1 minute to read — December 27, 2008

It's practically 2009 and too many of us still use a jumble of letters and numbers as passwords. A New Year's resolution to keep: here's an ultra-short tutorial on never typing your password into a remote host again. First, the MacOS client version.

  1. Create a key and encrypt the private side with a strong passphrase: ssh-keygen -t dsa
  2. Add it to your Keychain: ssh-add -K .ssh/id_dsa
  3. Establish trust: cat .ssh/id_dsa.pub | ssh some.remote.net tee -a .ssh/authorized_keys (or email that file to someone who can do this for you)
  4. Now go disable passwords for SSH on that remote server by adding PasswordAuthentication no to /etc/sshd_config and restarting the SSH server. You are now immune to SSH brute force attacks.

Repeat steps 3 and 4 for every remote machine you use, but make sure you have a secure backup of that private key!
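
A check for step 4, as an added example that is not part of the original post: sshd takes the first value it reads for each keyword, so a PasswordAuthentication no added below an existing yes changes nothing. The function names, the constructed sample config and the stricter keyboard-interactive test are assumptions of this example.

```shell
#!/bin/sh
# Added example; function names and the sample config are constructed.

# effective_sshd_opt FILE KEYWORD DEFAULT
# Print the value sshd would take for KEYWORD from the global section of FILE:
# keywords are case-insensitive and the FIRST occurrence wins.
effective_sshd_opt() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        { sub(/^[ \t]+/, "") }                 # strip leading whitespace
        /^#/ || /^$/ { next }                  # skip comments and blank lines
        { line = $0
          sub(/[ \t]*=[ \t]*/, " ", line)      # "Keyword=value" is also legal
          split(line, f, /[ \t]+/) }
        tolower(f[1]) == "match" { exit }      # Match blocks are per-connection
        tolower(f[1]) == want { print f[2]; found = 1; exit }
        END { if (!found) print def }          # absent: compiled-in default
    ' "$1"
}

# password_login_disabled FILE
# Succeeds only if password auth AND keyboard-interactive auth are both "no".
# Assumption of this example: keyboard-interactive is treated as a password
# path because it is commonly PAM-backed and can prompt for the account password.
password_login_disabled() {
    pw=$(effective_sshd_opt "$1" PasswordAuthentication yes)
    kbd=$(effective_sshd_opt "$1" KbdInteractiveAuthentication "")
    # Older configs use the previous name for the same setting.
    [ -n "$kbd" ] || kbd=$(effective_sshd_opt "$1" ChallengeResponseAuthentication yes)
    [ "$pw" = no ] && [ "$kbd" = no ]
}

# Constructed sample: "no" was appended, but an earlier "yes" already won.
sample=$(mktemp)
printf '%s\n' \
    '# constructed sample sshd_config' \
    'passwordauthentication yes' \
    'KbdInteractiveAuthentication no' \
    'PasswordAuthentication no' > "$sample"

echo "PasswordAuthentication => $(effective_sshd_opt "$sample" PasswordAuthentication yes)"
if password_login_disabled "$sample"; then
    echo "password logins are off"
else
    echo "password logins are still possible"
fi
```

On a live server, sshd -T prints the configuration the daemon actually resolved, which also covers included files and Match blocks that this parser skips.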

I practically never use Linux from the console any more, so I won't contribute a tutorial for that today. PuTTY and Pageant make this pretty damn easy on Windows. No more excuses!

That solves the shell session password issue. For the rest, the solution isn't so neat and tidy. Install pwgen (sudo apt-get install pwgen) to create super strong (but somewhat memorable) passwords for local accounts and websites. Turn on FileVault or Firefox's master password and let software deal with authentication for you.
