On 30Jun2017 16:53, jdow <jdow(a)earthlink.net> wrote:
On 2017-06-30 16:08, Cameron Simpson wrote:
>You omitted way 0: DO NOT ALLOW PASSWORD BASED SSH. This is the single best
>thing you can do. Allowing only key-based access simply prevents all password
>based access and is cryptographicly strong, instead human-prose-imagination
>strong, which is typically awful.
[...]
And what do I do if I have to login from a different machine than one of mine?
Should I hang a tag or key with the key to my computers on my key chain when
traveling?
Frankly, YES.
If you cannot set up a key on the foreign machine ahead of time, yes stick your
"travelling" key on a USB stick and use it. That way you can revoke it if
somehow it gets comprimised.
Cheers,
Cameron Simpson <cs(a)zip.com.au>