Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Suggestion to providers: import ssh keys from public sources
New on LowEndTalk? Please Register and read our Community Rules.

Suggestion to providers: import ssh keys from public sources

ericlsericls Member

such as github or keybase etc. I'm doing ssh-import-id on new servers manually anyways.

Linkila - Super powered short URLs

Comments

  • JioJio Member

    Further suggestion: absolutely do not whitelist ssh-rsa. We all use ed25519, ecdsa, etc. Don't fucking force ssh-rsa

  • Or custom post install scripting support.

  • ericlsericls Member
    edited June 5

    @TimboJones said:
    Or custom post install scripting support.

    Cloud-init would be nice. But the friction is still high enough for many to not use it.

    I think ssh key import would make sense especially for providers that already allow manual ssh key importing.

    Linkila - Super powered short URLs

  • Daniel15Daniel15 Member
    edited June 5

    So many providers send insecure root passwords (like 10 characters, no symbols) via email, so I really doubt this will happen any time soon... One can dream though :)

  • jsgjsg Member

    @Daniel15 said:
    So many providers send insecure root passwords (like 10 characters, no symbols) via email, so I really doubt this will happen any time soon... One can dream though :)

    That is indeed a major but sadly common idiocy. But are there really good and practically feasible alternatives?

    The problem with democracy is that by definition > 85% of the voters are not particularly intelligent.

  • Daniel15Daniel15 Member

    @jsg said: are there really good and practically feasible alternatives?

    Force people to provide a SSH key when they create a VPS from a template.

    I usually install from ISO so it's not an issue for me personally, but I've seen people just use the insecure emailed root password forever, never changing it.

    Thanked by 1jsg
  • seriesnseriesn Member, Top Provider

    @jsg said:

    @Daniel15 said:
    So many providers send insecure root passwords (like 10 characters, no symbols) via email, so I really doubt this will happen any time soon... One can dream though :)

    That is indeed a major but sadly common idiocy. But are there really good and practically feasible alternatives?

    We usually don’t send any password, neither do we ask for one (process updated around year and half back).

    Instead our welcome email tells new member to login to the control panel and create a new password.

    Pretty simple, neat and effective :)

    Thanked by 1jsg
  • jsgjsg Member

    @Daniel15 said:

    @jsg said: are there really good and practically feasible alternatives?

    Force people to provide a SSH key when they create a VPS from a template.

    I usually install from ISO so it's not an issue for me personally, but I've seen people just use the insecure emailed root password forever, never changing it.

    A good option, but one that isn't feasible with many customers who simply wouldn't know how to generate a key.

    Thanked by 1seriesn

    The problem with democracy is that by definition > 85% of the voters are not particularly intelligent.

  • Daniel15Daniel15 Member

    @jsg said:

    @Daniel15 said:

    @jsg said: are there really good and practically feasible alternatives?

    Force people to provide a SSH key when they create a VPS from a template.

    I usually install from ISO so it's not an issue for me personally, but I've seen people just use the insecure emailed root password forever, never changing it.

    A good option, but one that isn't feasible with many customers who simply wouldn't know how to generate a key.

    If someone doesn't know how to generate a key, and also doesn't know how to Google for instructions, they probably shouldn't be running an unmanaged server that's publicly accessible over the internet...

    Thanked by 2jsg TimboJones
  • jsgjsg Member

    @Daniel15 said:

    @jsg said:

    @Daniel15 said:

    @jsg said: are there really good and practically feasible alternatives?

    Force people to provide a SSH key when they create a VPS from a template.

    I usually install from ISO so it's not an issue for me personally, but I've seen people just use the insecure emailed root password forever, never changing it.

    A good option, but one that isn't feasible with many customers who simply wouldn't know how to generate a key.

    If someone doesn't know how to generate a key, and also doesn't know how to Google for instructions, they probably shouldn't be running an unmanaged server that's publicly accessible over the internet...

    Absolutely full ACK - but they do.

    The problem with democracy is that by definition > 85% of the voters are not particularly intelligent.

Sign In or Register to comment.