this post was submitted on 29 Sep 2023
5 points (85.7% liked)

Self Hosted - Self-hosting your services.

11587 readers
27 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules

Important

Beginning of January 1st 2024 this rule WILL be enforced. Posts that are not tagged will be warned and if not fixed within 24h then removed!

Cross-posting

If you see a rule-breaker please DM the mods!

founded 3 years ago
MODERATORS
 

I come from a Windows management history and work within a Windows Domain. So there is a level of "ease of use" that I get out of having a separate account in the "domain admins" group within Active Directory.

So now that I'm building out a home lab, and playing with Linux more, I have a few Linux servers floating around. The means of authentication are all over the place because they were all set up at different parts of the learning process. One server uses keypair authentication, the others are just PW authentication, and all the credentials on the servers are different (naturally).

It feels disorganized, and I think it would be good to learn how to do it right. I know that the modes of management are very different, and Linux servers can become effectively disposable if done correctly.

So I guess these are my questions:

  • How do you streamline authenticating to multiple servers under your control?
  • Is key authentication the way to go? If so how do you manage your keys?
  • do you make a default admin account and then make a new account for you specifically to authenticate?
top 3 comments
sorted by: hot top controversial new old
[โ€“] dbx12@programming.dev 5 points 1 year ago (1 children)

I would recommend key based authentication for SSH connections. For the normal connection, the key pair is enough, if you want admin (root) access, you would use the command sudo which in turn requires a password. For creating a default admin account: Linux does this for you, it's called root. You should create a personal user to work with in daily business and add it to the sudoers group (permits using the sudo command)

[โ€“] RedWizard@lemmygrad.ml 1 points 1 year ago (1 children)

Ok cool. That makes sense when it's explained. Not that different really.

For key authentication via ssh, is the best practice to generate a key for myself and then use that on all the servers or have one key for every server? What's the best practice for distributing / keeping track of that stuff?

Thanks again ๐Ÿ˜

[โ€“] dbx12@programming.dev 1 points 1 year ago

If all of those servers are yours (which they likely are, since you get ssh access), you can use one key for all. Using different keys would make one compromised key less problematic. But if someone was able to copy one file of your system, they can copy multiple files.

That resolves keeping track of things as well ๐Ÿ˜„