LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Desktop
User Name
Password
Linux - Desktop This forum is for the discussion of all Linux Software used in a desktop context.

Notices

Reply
 
Search this Thread
Old 08-08-2013, 06:34 PM   #1
asarangan
LQ Newbie
 
Registered: Jul 2009
Posts: 17

Rep: Reputation: 0
Two passwords for console login and remote login


Is it possible to have two passwords - one for console login and one for remote login?

My computer is in a secure office, so I am not concerned about someone physically breaking in. However, it is a different story from the network. I have hackers trying to break in almost daily.

My strategy has been to use a very long and cryptic password. But that also makes it difficult for me when logging in from the console. Even the screen lock is a problem. I end up writing the passwords on a piece of paper, but that is even worse.

A two password system would be a nice solution. Does it exist?
 
Old 08-08-2013, 09:41 PM   #2
Z038
Member
 
Registered: Jan 2006
Distribution: Slackware
Posts: 805

Rep: Reputation: 158Reputation: 158
How are you logging in remotely? If you are using ssh, then you can set up passwordless login using an RSA public/private key pair. You would then disable password login in your ssh config. Local console logins would still require your normal login password, but the ssh login would use only the public/private RSA key.
 
Old 08-09-2013, 12:12 AM   #3
asarangan
LQ Newbie
 
Registered: Jul 2009
Posts: 17

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by Z038 View Post
How are you logging in remotely? If you are using ssh, then you can set up passwordless login using an RSA public/private key pair. You would then disable password login in your ssh config. Local console logins would still require your normal login password, but the ssh login would use only the public/private RSA key.
Yes I am using RSA key pairs to login without a password remotely. This is what allows me to set a strong password and not have to type it every time. The problem is when I have to login from the console. I end up writing the password on a piece of paper and then carrying it with me. It is way too clumsy and slow. I am tempted to just use a simple password but it defeats the purpose.

Having different passwords for remote and local logins would be a nice feature, but it looks like it may not be possible.
 
Old 08-09-2013, 01:03 AM   #4
Z038
Member
 
Registered: Jan 2006
Distribution: Slackware
Posts: 805

Rep: Reputation: 158Reputation: 158
You could use Diceware to create a strong passphrase. Since the diceware method creates a passphrase composed of several words chosen randomly, they aren't hard to remember.

Some may disagree with me, but I think there is really nothing wrong with writing down a password, so long as you treat it like you would your credit cards or cash. Keep your password written down in a safe place, like in your wallet.

You said your concern was mainly attacks over the network. Since you said you are using RSA key pairs, I presume the daily hacking attempts you referred to are via ssh. If you disallow password login in sshd_config by specifying the "PasswordAuthentication no" option, and you have enabled RSAAuthentication and PubkeyAuthentication, then you don't need to make your local console login password so difficult that you can't remember it because no one will be able to login via ssh with a password. Even if someone knew your password, they couldn't login with it via ssh if PasswordAuthentication is disabled. You might consider also setting "PermitRootLogin no" and limit which accounts can login with the AllowUsers option.
 
Old 08-13-2013, 10:27 AM   #5
asarangan
LQ Newbie
 
Registered: Jul 2009
Posts: 17

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by Z038 View Post
You could use Diceware to create a strong passphrase. Since the diceware method creates a passphrase composed of several words chosen randomly, they aren't hard to remember.

Some may disagree with me, but I think there is really nothing wrong with writing down a password, so long as you treat it like you would your credit cards or cash. Keep your password written down in a safe place, like in your wallet.

You said your concern was mainly attacks over the network. Since you said you are using RSA key pairs, I presume the daily hacking attempts you referred to are via ssh. If you disallow password login in sshd_config by specifying the "PasswordAuthentication no" option, and you have enabled RSAAuthentication and PubkeyAuthentication, then you don't need to make your local console login password so difficult that you can't remember it because no one will be able to login via ssh with a password. Even if someone knew your password, they couldn't login with it via ssh if PasswordAuthentication is disabled. You might consider also setting "PermitRootLogin no" and limit which accounts can login with the AllowUsers option.
Thank you for that suggestion. I liked the idea of disabling root login via ssh. That way I was able to set up a simple password for root and not have to worry about breakins through the network.

However, it would still be a good idea if users could set up different passwords for different methods of access. I am actually surprised why this has not been thought of yet.
 
Old 08-13-2013, 11:38 AM   #6
PTrenholme
Senior Member
 
Registered: Dec 2004
Location: Olympia, WA, USA
Distribution: Fedora, (K)Ubuntu
Posts: 4,154

Rep: Reputation: 333Reputation: 333Reputation: 333Reputation: 333
Is there any reason that you couldn't set up different users (as members of the same group) using the same home directory? Then the SSH user/password combination would be different from the local user/password combo, but they would be almost identical otherwise. (The only problem would be files that default to different access permissions for the user and group, and you could set up a chron job [or a .bashrc script) to make any necessary adjustments.)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Remote ssh login (passwords useless), and local login (using password) linuxStudent11 Linux - Security 1 01-09-2013 02:30 PM
unable to login any user through the console but users can login in GUI p kumar Linux - Server 1 04-19-2012 07:09 AM
[SOLVED] Remote access problem-no ssh;local console rapid scrolling screen no login prompt kapshure Linux - Newbie 2 11-08-2010 05:41 PM
Different passwords for normal/remote login? mike11 Linux - Newbie 6 04-26-2010 05:19 PM
RHEL 5 and X-Win32 remote login appears on console?? thepeleda Linux - Newbie 1 02-12-2009 09:16 PM


All times are GMT -5. The time now is 03:48 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration