Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

it works fine for production. although one time one of my none essential droplet had trojan and started launchign DDOS attacks and it was shut down. I don't know how it happened but the password was super weak.

Strong passwords and always use a private key when SSHing.



Or no password and only private key :)


isn't the whole purpose of private key to avoid having to type in password?


You don't want passwords, at all, so that you can't be bruteforced.

On the otherside, your private key, on your local machine, should be password protected. But the node itself should not accept passwords over SSH.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: