Poll: The most common way I've seen for SSH access to #Linux or #Unix servers (please boost for reach. TIA):
Username and password: 29.6%
SSH authorized_keys (pub key): 65.4%
SSH Certificates: 4%
Other (I will reply below): 1%
Poll ended at .
@nixCraft I’ve seen mostly user/password but I strongly encourage to use ssh certificates when having to handle more than a couple of machines. They are awesome.
@nielsk @nixCraft passwords are unsafe. Just use certs.
@melroy @nixCraft I use certs but the question was what I encounter most. Not what I use.
@nielsk @nixCraft oops. Maybe advise those others to also use certs 🤔
@nixCraft
Not a scooby, but will boost
@nixCraft I'm surprised and disappointed there are still so many using username password instead of secure alternatives 😢
@nixCraft This is just a data gathering attempt for phishing later, isn't it?
@nixCraft been mostly using AD integration with sssd for user accounts, SSH Keys (authorized_keys) for functional accounts (Ansible). No local user/password accounts on any machine. Access to the machines is being managed by moving users in/out of AD groups
@nixCraft Yubikey paired with certs! 🥰
@nixCraft SSH keypair, saved in a TPM where possible. I recommend https://github.com/tpm2-software/tpm2-pkcs11/blob/master/docs/SSH.md for setup instructions.
@nixCraft I use a username and password but I have a button on my Streamdeck that launches konsole with sshpass so I don't have to type in my login credentials every time I connect to my server.
@nixCraft Wait: seen others or how I access?
@nixCraft
Is there an article comparing ssh keys and certs login?
@nixCraft pubkey auth for prod and passwds for local VMs and other stuff that doesn’t need security
@nixCraft Off topic: Math is harder for Mastodon than authn
@kandersonus
@nixCraft
That's because it's checkboxes and not radio buttons.
@nixCraft

Depends on the environment.

In AD-integrated environments, it's a mix of GSSAPI tokens and password-based authentication.

In IPA-integrated environments, it's been a mix of GSSAPI tokens, SSH authorized_keys and passwords.

In "cattle" environments, it's been SSH authorized_keys (injected at deployment-time via cloud-init or subordinate processes).

A significant percentage of my customers are both RHEL-using and not-exactly-proactive in how they migrate to newer EL majors or (especially) retire older EL majors. As such, migrating to SSH certificates is pretty much a non-starter since not every RHEL version supports their use (nor do they want to instantiate the additional infrastructure to support it).

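For the "SSH certificates" option in the poll, a minimal issuance and trust setup, as an added example that is not part of the thread: it creates a CA, signs a user key for the principal alice with an 8-hour validity, and shows the two ways a server can trust that CA. The key file names, the key ID and the principal are assumptions; it needs only ssh-keygen.

```shell
#!/bin/sh
# Added example, not from the thread: a minimal SSH user-certificate
# workflow using only ssh-keygen, in a scratch directory. Assumed names:
# CA key "user_ca", user key "alice_key", login principal "alice".
set -eu
command -v ssh-keygen >/dev/null 2>&1 || { echo 'ssh-keygen is required' >&2; exit 1; }

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# 1. The CA keypair. Its public half is the only thing each server needs;
#    per-user authorized_keys entries are no longer required.
make_ca() {
  ssh-keygen -q -t ed25519 -N '' -C 'user-ca' -f "$WORK/user_ca"
}

# 2. The user's own keypair, generated exactly as for plain pubkey auth.
make_user_key() {
  ssh-keygen -q -t ed25519 -N '' -C 'alice' -f "$WORK/alice_key"
}

# 3. Sign the user's public key: a serial, a key identity for the logs,
#    the principals (login names) it may be used for, and a short validity
#    window. Writes alice_key-cert.pub, which ssh presents to the server.
sign_user_key() {
  ssh-keygen -q -s "$WORK/user_ca" -I 'alice@laptop' -n alice \
    -V '+8h' -z 1 "$WORK/alice_key.pub"
}

# 4. Server side: either trust the CA globally in sshd_config ...
sshd_config_line() {
  printf 'TrustedUserCAKeys /etc/ssh/user_ca.pub\n'
}

# ... or per account, via a cert-authority entry in that account's
# authorized_keys, optionally limited to named principals.
authorized_keys_line() {
  printf 'cert-authority,principals="alice" %s\n' "$(cat "$WORK/user_ca.pub")"
}

# Audit helpers: read back what the certificate actually grants.
cert_key_id() {
  ssh-keygen -L -f "$WORK/alice_key-cert.pub" | awk -F'"' '/Key ID:/{print $2}'
}
cert_principals() {
  ssh-keygen -L -f "$WORK/alice_key-cert.pub" | awk '/Principals:/{getline; print $1}'
}

make_ca && make_user_key && sign_user_key
printf 'key id: %s, principals: %s\n' "$(cert_key_id)" "$(cert_principals)"
```

Because validity is part of the certificate, an expired or wrong-principal certificate is refused by sshd without touching any per-host file, which is the operational difference from authorized_keys.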
@nixCraft

SSH in FIDO2 hardware keys does work pretty well already.

@nixCraft
In environments that support it I use Kerberos (usually AD) with GSSAPI. Is cert auth superior?

@nixCraft public keys managed with an initialization Ansible role.

I've tried ssh certs, but it's more annoying to manage for my setup so far

@nixCraft I use pubkey (mainly) or password+TOTP (for emergency reasons)