2.4. Notes and Recommendations: SSH/Uplink Account management

It is strongly recommended to use the RCE console's "keytool uplink-pw" command to generate secure passwords for Uplink accounts. This command creates a random password with approximately 80 bits of entropy, which is considered secure for accounts that can only be attacked through remote login attempts. Alternatively, you can use SSH key files; please refer to the RCE User Guide for this.
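To make the 80-bit figure concrete, the following added example (not RCE code, and not how "keytool uplink-pw" is implemented) derives the password length that reaches 80 bits for a given alphabet and estimates how long guessing through remote login attempts would take. The alphabet, the function names and the rate of 1000 attempts per second are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Assumption: ASCII letters and digits (62 symbols). This alphabet contains no
# "@", the character this guide reports as problematic in the text mode UI.
ALPHABET = string.ascii_letters + string.digits
TARGET_BITS = 80  # entropy figure this guide quotes for "keytool uplink-pw"


def bits_per_char(alphabet: str) -> float:
    """Entropy contributed by one uniformly chosen character."""
    return math.log2(len(set(alphabet)))


def min_length(target_bits: float, alphabet: str) -> int:
    """Shortest password length whose total entropy reaches target_bits."""
    return math.ceil(target_bits / bits_per_char(alphabet))


def generate_password(target_bits: float = TARGET_BITS,
                      alphabet: str = ALPHABET) -> str:
    """Draw every character independently from the OS CSPRNG."""
    symbols = sorted(set(alphabet))
    length = min_length(target_bits, alphabet)
    return "".join(secrets.choice(symbols) for _ in range(length))


def years_to_search_half(bits: float, attempts_per_second: float) -> float:
    """Expected time for an online guesser to cover half the keyspace."""
    seconds = 2 ** (bits - 1) / attempts_per_second
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    pw = generate_password()
    total_bits = len(pw) * bits_per_char(ALPHABET)
    print(f"{len(pw)} characters, {total_bits:.1f} bits of entropy")
    # Constructed rate: 1000 remote login attempts per second.
    print(f"{years_to_search_half(TARGET_BITS, 1000):.2e} years to search half")
```

The estimate only covers guessing through the login service; it says nothing about offline attacks on a leaked hash, where the bcrypt cost factor matters as well.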

In both cases, the login credentials (the password or the SSH key pair) should be generated on the client side, ideally by individual users themselves to minimize the transfer of credential data. The relay server's administrator should only receive either the password's bcrypt hash, or the public part of the SSH key pair.

(Deprecated approach:) When using the built-in administration text mode UI to create SSH accounts, there is an issue when entering passwords including the "@" character. This does not weaken security in any way, but can be confusing for end users when their correctly entered password does not work. It may be advisable to inform users about this.

Hashing SSH passwords with external BCrypt tools has been successfully tested and may be documented in a future version of this guide. Please note, however, that this is only ever useful in automated testing or deployment approaches. For normal user operation, the "keytool uplink-pw" console command mentioned above is strongly preferred.

Note

This section is planned to be expanded once the Uplink feature leaves the experimental stage, for example with instructions on how to dynamically add SSH/Uplink accounts without a server restart, how to set proper Uplink account roles, etc.