Suggestion to providers: import ssh keys from public sources

ericls Member, Patron Provider

such as GitHub or Keybase etc. I'm doing ssh-import-id on new servers manually anyways.

Comments

  • JioJio Member

    Further suggestion: absolutely do not whitelist ssh-rsa. We all use ed25519, ecdsa, etc. Don't fucking force ssh-rsa

    Thanked by 2: ericls, bulbasaur
  • Or custom post install scripting support.

  • ericls Member, Patron Provider
    edited June 2021

    @TimboJones said:
    Or custom post install scripting support.

    Cloud-init would be nice. But the friction is still high enough for many to not use it.

    I think ssh key import would make sense especially for providers that already allow manual ssh key importing.

  • Daniel15 Veteran
    edited June 2021

    So many providers send insecure root passwords (like 10 characters, no symbols) via email, so I really doubt this will happen any time soon... One can dream though :)

    Thanked by 2: yoursunny, bulbasaur
  • jsg Member, Resident Benchmarker

    @Daniel15 said:
    So many providers send insecure root passwords (like 10 characters, no symbols) via email, so I really doubt this will happen any time soon... One can dream though :)

    That is indeed a major but sadly common idiocy. But are there really good and practically feasible alternatives?

  • @jsg said: are there really good and practically feasible alternatives?

    Force people to provide a SSH key when they create a VPS from a template.

    I usually install from ISO so it's not an issue for me personally, but I've seen people just use the insecure emailed root password forever, never changing it.

    Thanked by 1: jsg
  • @jsg said:

    @Daniel15 said:
    So many providers send insecure root passwords (like 10 characters, no symbols) via email, so I really doubt this will happen any time soon... One can dream though :)

    That is indeed a major but sadly common idiocy. But are there really good and practically feasible alternatives?

    We usually don’t send any password, neither do we ask for one (process updated around a year and a half back).

    Instead our welcome email tells the new member to log in to the control panel and create a new password.

    Pretty simple, neat and effective :)

    Thanked by 1: jsg
  • jsg Member, Resident Benchmarker

    @Daniel15 said:

    @jsg said: are there really good and practically feasible alternatives?

    Force people to provide a SSH key when they create a VPS from a template.

    I usually install from ISO so it's not an issue for me personally, but I've seen people just use the insecure emailed root password forever, never changing it.

    A good option, but one that isn't feasible with many customers who simply wouldn't know how to generate a key.

    Thanked by 1: seriesn
  • @jsg said:

    @Daniel15 said:

    @jsg said: are there really good and practically feasible alternatives?

    Force people to provide a SSH key when they create a VPS from a template.

    I usually install from ISO so it's not an issue for me personally, but I've seen people just use the insecure emailed root password forever, never changing it.

    A good option, but one that isn't feasible with many customers who simply wouldn't know how to generate a key.

    If someone doesn't know how to generate a key, and also doesn't know how to Google for instructions, they probably shouldn't be running an unmanaged server that's publicly accessible over the internet...

    Thanked by 2: jsg, TimboJones
  • jsg Member, Resident Benchmarker

    @Daniel15 said:

    @jsg said:

    @Daniel15 said:

    @jsg said: are there really good and practically feasible alternatives?

    Force people to provide a SSH key when they create a VPS from a template.

    I usually install from ISO so it's not an issue for me personally, but I've seen people just use the insecure emailed root password forever, never changing it.

    A good option, but one that isn't feasible with many customers who simply wouldn't know how to generate a key.

    If someone doesn't know how to generate a key, and also doesn't know how to Google for instructions, they probably shouldn't be running an unmanaged server that's publicly accessible over the internet...

    Absolutely full ACK - but they do.
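
The import step the thread asks providers for, as an added example (not code from the thread or from any provider): it vets authorized_keys-style lines, such as a public source returns, before they are installed, and accepts Ed25519 and ECDSA keys rather than ssh-rsa only. The `ALLOWED` policy, the function names and the sample lines are assumptions constructed for illustration; only Ed25519 blobs get a length check here.

```python
import base64
import struct

# Assumed provider policy: accept modern key types, not ssh-rsa only.
ALLOWED = {"ssh-ed25519", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384",
           "ecdsa-sha2-nistp521", "ssh-rsa"}

def read_string(buf, off):
    """Read one SSH wire string (4-byte big-endian length + data)."""
    end = off + 4 + struct.unpack_from(">I", buf, off)[0]
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:end], end

def check_key_line(line, allowed=ALLOWED):
    """Return (ok, reason); a line with leading options (command=...) fails."""
    parts = line.split(None, 2)
    if len(parts) < 2 or parts[0] not in allowed:
        return False, "key type not allowed"
    try:
        blob = base64.b64decode(parts[1], validate=True)
        inner, off = read_string(blob, 0)
        if inner != parts[0].encode():
            return False, "declared type does not match blob"
        if parts[0] == "ssh-ed25519":
            pub, off = read_string(blob, off)
            if len(pub) != 32 or off != len(blob):
                return False, "malformed ed25519 key"
    except (ValueError, struct.error) as exc:  # bad base64 or short blob
        return False, "malformed blob: %s" % exc
    return True, "ok"

def filter_import(text, allowed=ALLOWED):
    """Split fetched text into accepted lines and (line, reason) rejects."""
    accepted, rejected = [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        ok, reason = check_key_line(line, allowed)
        (accepted if ok else rejected).append(line if ok else (line, reason))
    return accepted, rejected

def constructed_key(ktype, *fields):
    """Build a constructed (not real) key line in the SSH wire format."""
    raw = b"".join(struct.pack(">I", len(f)) + f for f in (ktype.encode(),) + fields)
    return "%s %s constructed" % (ktype, base64.b64encode(raw).decode())

SAMPLE = "\n".join([constructed_key("ssh-ed25519", bytes(32)),
                    constructed_key("ssh-ed25519", b"short"),
                    'command="id" ' + constructed_key("ssh-ed25519", bytes(32))])
```

Calling `filter_import(SAMPLE, allowed={"ssh-rsa"})` shows the RSA-only policy criticised in the thread: every Ed25519 line in the sample is rejected.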
