Skip to main content

Security

  • Use only passwords and use good ones - at least 9 characters long, a mixture of alphanumeric and non-alphanumeric characters and of mixed case. The password should be completely different to the password you use on any other system.
  • NEVER copy a private key anywhere! The private key should remain in your .ssh directory on the system you generated it on and should be readable only by you.
  • SSH key passphrases should be as secure as other passowrds.
  • Never setup passphraseless ssh keys to allow unauthenticated login access between systems.

WARNING: Incorrectly configuring ssh keys can leave your accounts vulnerable to attack and, more importantly, can provide attackers with a trivial means to transfer their attacks to other systems and organizations.

Back to top