Ask HN: How do you store Unix passwords for your servers?
Happy Sunday!
I have a question for you HN readers about password security (or rather, storing passwords securely!).
I don't use password authentication (disabled in sshd_config) to SSH into my remote hosts. However, that doesn't mean I can simply throw away the password once PKA is set up. I might need to run su to login as root to install software, or to execute other privileged operations.
How do you store said passwords? Do you use a password manager? If so, do you ensure that your password manager is available even when you're away from your machine? Is there a particular software suite that you use, or would recommend?
5 comments
[ 6.3 ms ] story [ 20.7 ms ] threadThat is to say, I would venture that passwords by this or any other scheme is too easy to crack. Better have something like 1password generate them for you.
In practice, an attacker who gets a shell on one of your servers has game-over access to the data center the server's in.