I thought it would be a good idea to change my password to something hard and then use an ssh key to log in. The problem is, every time I need to sudo something, I have to take an hour to look up and type in my crazy password. So I added myself to sudoers with NOPASSWD: ALL.
What do you think is worse: typing a dumb password all the time, or not typing a hard password?
Offline
Sometimes a picture says more than a thousand posts:
http://knoobie.files.wordpress.com/2010/06/facepalm.jpg
Any script on your computer can execute anything it's in the mood to, just by adding "sudo". Every time your favorite browser developer has a bad day, you -Syu right into your personal doomsday.
Offline
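An added example, not part of any post in this thread: a small audit that flags sudoers rules granting ALL commands under NOPASSWD, the setting discussed above, including the case where the tag carries over from an earlier command in the same rule. The sample policy and user names are constructed, and the parser is a simplification that does not expand Cmnd_Alias definitions or follow include directives.

```python
import re

# Constructed sample policy, not taken from the thread. A real audit would
# read /etc/sudoers and the files under /etc/sudoers.d as root.
SAMPLE = """\
Defaults env_reset
root    ALL=(ALL) ALL
alice   ALL=(ALL) NOPASSWD: ALL
bob     ALL=(root) NOPASSWD: /usr/bin/pacman -Syu, \\
            PASSWD: ALL
%wheel  ALL=(ALL) ALL
carol   ALL = NOPASSWD: /usr/bin/rsync, ALL
"""

NON_RULES = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")
TAG = re.compile(r"([A-Z_]+):\s*")

def logical_lines(text):
    """Join backslash-continued lines; drop blank lines and comment lines."""
    for line in re.sub(r"\\\n", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def blanket_nopasswd(text):
    """Return the users/groups whose rule lets them run ALL without a password."""
    flagged = []
    for line in logical_lines(text):
        if line.startswith(NON_RULES) or "=" not in line:
            continue
        who, rhs = line.split("=", 1)
        rhs = re.sub(r"\([^)]*\)", "", rhs)   # drop Runas specs such as (ALL)
        nopasswd = False                      # tags carry over to later commands
        for cmd in (c.strip() for c in rhs.split(",")):
            while (m := TAG.match(cmd)):
                if m.group(1) in ("NOPASSWD", "PASSWD"):
                    nopasswd = m.group(1) == "NOPASSWD"
                cmd = cmd[m.end():]
            if cmd == "ALL" and nopasswd:
                flagged.append(who.split()[0])
                break
    return flagged

if __name__ == "__main__":
    print(blanket_nopasswd(SAMPLE))
```

In the sample, carol is flagged even though NOPASSWD is written in front of rsync only, while bob is not, because PASSWD resets the tag before ALL.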
Strong passwords don't have to be hard to remember. Set one which is hard to crack.
All men have stood for freedom...
For freedom is the man that will turn the world upside down.
Gerrard Winstanley.
Offline
I have been personally using pamusb (from AUR) for a year and I am very satisfied with it (though I know it's not perfect).
I have a hard to remember password, but it's not a problem at all because I simply use a usb key that I plug in when I switch on every pc I am working on and I never type it, neither in front of a tty, nor in front of gdm, nor kdm.
Furthermore, I have just added blueproximity and when I leave the computer it automatically locks it if I take my mobile phone with me whenever I am out of range and it automatically unlocks it when I am in front of the keyboard.
These two packages with sudo have made my life so easy and geeky that I can't live without them anymore!
Edit: Furthermore, I use ssh with public key encryption and no interactive password request (so that I do not have to type the password when I log in remotely) and this is my complete and happily secure way of living with a strong and forgettable password that I secretly keep in a drop place, far from my computers, just in case something goes wrong.
Edit: On a fresh install the last thing I am going to do is to encrypt the root file system with some files stored on the same pamusb key and that will be a 100% nsa/feds proof configuration. But I haven't experimented with it at the moment. (Truecrypt already works like this and it's great) No more password typing in a highly secured environment! Eheheheh...
Last edited by sigmund (2011-03-14 09:49:13)
Definitely moving to GNU/Linux made me trust Computer Science once again.
Definitely moving to Arch made me enjoy and understand GNU/Linux once again.
Offline
What about setting a strong root password and allowing ssh-key access only root logins to localhost? Then you could do:
"ssh root@localhost"
to do system administration, and only have to remember your ssh-passphrase.
Offline