I come from a Windows management history and work within a Windows Domain. So there is a level of “ease of use” that I get out of having a separate account in the “domain admins” group within Active Directory.
So now that I’m building out a home lab, and playing with Linux more, I have a few Linux servers floating around. The means of authentication are all over the place because they were all set up at different parts of the learning process. One server uses keypair authentication, the others are just PW authentication, and all the credentials on the servers are different (naturally).
It feels disorganized, and I think it would be good to learn how to do it right. I know that the modes of management are very different, and Linux servers can become effectively disposable if done correctly.
So I guess these are my questions:
- How do you streamline authenticating to multiple servers under your control?
- Is key authentication the way to go? If so how do you manage your keys?
- do you make a default admin account and then make a new account for you specifically to authenticate?
I would recommend key based authentication for SSH connections. For the normal connection, the key pair is enough, if you want admin (root) access, you would use the command sudo which in turn requires a password. For creating a default admin account: Linux does this for you, it’s called root. You should create a personal user to work with in daily business and add it to the sudoers group (permits using the sudo command)
Ok cool. That makes sense when it’s explained. Not that different really.
For key authentication via ssh, is the best practice to generate a key for myself and then use that on all the servers or have one key for every server? What’s the best practice for distributing / keeping track of that stuff?
Thanks again 😁
If all of those servers are yours (which they likely are, since you get ssh access), you can use one key for all. Using different keys would make one compromised key less problematic. But if someone was able to copy one file of your system, they can copy multiple files.
That resolves keeping track of things as well 😄