Two passwords for console login and remote login
Is it possible to have two passwords - one for console login and one for remote login?
My computer is in a secure office, so I am not concerned about someone physically breaking in. However, it is a different story from the network. I have hackers trying to break in almost daily. My strategy has been to use a very long and cryptic password. But that also makes it difficult for me when logging in from the console. Even the screen lock is a problem. I end up writing the passwords on a piece of paper, but that is even worse. A two password system would be a nice solution. Does it exist? |
How are you logging in remotely? If you are using ssh, then you can set up passwordless login using an RSA public/private key pair. You would then disable password login in your ssh config. Local console logins would still require your normal login password, but the ssh login would use only the public/private RSA key.
|
Quote:
Having different passwords for remote and local logins would be a nice feature, but it looks like it may not be possible. |
You could use Diceware to create a strong passphrase. Since the diceware method creates a passphrase composed of several words chosen randomly, they aren't hard to remember.
Some may disagree with me, but I think there is really nothing wrong with writing down a password, so long as you treat it like you would your credit cards or cash. Keep your password written down in a safe place, like in your wallet. You said your concern was mainly attacks over the network. Since you said you are using RSA key pairs, I presume the daily hacking attempts you referred to are via ssh. If you disallow password login in sshd_config by specifying the "PasswordAuthentication no" option, and you have enabled RSAAuthentication and PubkeyAuthentication, then you don't need to make your local console login password so difficult that you can't remember it because no one will be able to login via ssh with a password. Even if someone knew your password, they couldn't login with it via ssh if PasswordAuthentication is disabled. You might consider also setting "PermitRootLogin no" and limit which accounts can login with the AllowUsers option. |
Quote:
However, it would still be a good idea if users could set up different passwords for different methods of access. I am actually surprised why this has not been thought of yet. |
Is there any reason that you couldn't set up different users (as members of the same group) using the same home directory? Then the SSH user/password combination would be different from the local user/password combo, but they would be almost identical otherwise. (The only problem would be files that default to different access permissions for the user and group, and you could set up a chron job [or a .bashrc script) to make any necessary adjustments.)
|
All times are GMT -5. The time now is 11:41 PM. |