I'm curious about the security of using a very long password generated by OpenSSL (like from the command `openssl rand -base64 48`) to SSH into my VPS. After checking its strength on a password testing tool, it seems like it would take centuries to crack. I also noticed that when I enter the wrong password, my hosting company appears to add a delay before notifying me, which makes me think they'll catch any brute-force attempts if they happen. While I know the best practice is to use SSH keys and not rely on passwords, I wonder how much more secure that really is compared to just using a strong password. What's the security ratio between using strong passwords and SSH keys?
2 Answers
Long passwords are better, but a long password combined with an SSH key is even more secure. The combination maximizes security for your connections!
Best practice is always to use SSH keys. Keep usernames and passwords for local access or escalated privileges only. Remember, most hosting services leave the security on you, so it’s your job to monitor and secure your machine.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures