(www.kkyri.com)

47 points todsacerdoti | 2 comments | 22 Oct 24 00:52 UTC | HN request time: 0.001s | source

1. yjftsjthsd-h ◴[22 Oct 24 01:46 UTC] No.41910374[source]▶

>>41910124 (OP) #

You should always verify that SSH password auth is actually off; run

  ssh -v myserver : 2>&1 | grep continue

and ensure that it only gives "publickey"!

(A surprising number of VPSs will re-enable passwords in a .d config file. And really, even if you've checked for that, the extra 10 seconds to make sure is worth it.)

replies(1): >>41910475 #

2. remram ◴[22 Oct 24 02:06 UTC] No.41910475[source]▶

>>41910374 (TP) #

Good advice. Another option:

  ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no myserver

↑

How to secure your new VPS: a step-by-step guide