On Tue, 2 Feb 2010, Edward Ned Harvey wrote:

>> I keep hearing keys only ssh ... I'll add that too. But I do have a
>
> Why is it so common to jump to the conclusion that keys-only-ssh is more
> secure than passwords? I somewhat or sometimes disagree with this. When you
> use ssh keys, it's a virtual certainty that the keys are stored on the
> client's disk ... and a lot of users will not protect the key itself with a
> password or encryption. I think if you don't protect your key with a
> password, it's easier to compromise a system by stealing someone's keys than
> it is to brute force a password, even though the password is a smaller number
> of bits.
>
> The proper way to do it (Plan A) is to use keys only, but ensure your keys
> are themselves protected by password.
> Plan B, I would say, is strong passwords.
> Plan C, I would say, is keys only ... without protecting the keys.
>
> Point is: At the server, yes you have the ability to enforce a password
> complexity requirement. No, you don't have the ability to enforce a
> keys-must-be-encrypted-on-the-client-laptop policy.
>
The real answer in production is to use a token authentication that is not accessible to someone who hacks the client machine, but this is a game where such infrastructure is not feasible.

David Lang

_______________________________________________
Discuss mailing list
Discuss@lopsa.org
http://lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
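The gap both posters point at, a private key sitting unencrypted on the client disk where the server cannot see it, can at least be audited on the client itself. The following is an added example, not code from either poster or from OpenSSH: it reads the cipher name from the openssh-key-v1 header (or the Proc-Type line of a legacy PEM key) to tell passphrase-protected keys from bare ones, and the sample keys it embeds are constructed header-only blobs, not real key material.

```python
import base64
import struct
from pathlib import Path

OPENSSH_MAGIC = b"openssh-key-v1\x00"

def key_is_encrypted(text: str) -> bool:
    """True if an OpenSSH or PEM private key file is passphrase-protected."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        raw = base64.b64decode("".join(lines[1:-1]))
        if not raw.startswith(OPENSSH_MAGIC):
            raise ValueError("not an openssh-key-v1 blob")
        off = len(OPENSSH_MAGIC)
        (n,) = struct.unpack(">I", raw[off:off + 4])
        cipher = raw[off + 4:off + 4 + n]    # ciphername "none" = no passphrase
        return cipher != b"none"
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
        return True                          # PKCS#8 encrypted form
    # Legacy PEM (RSA/DSA/EC): encrypted keys carry a Proc-Type header.
    return any(l.startswith("Proc-Type: 4,ENCRYPTED") for l in lines)

def audit_dir(directory) -> list:
    """Names of private-key files under directory that have no passphrase."""
    unprotected = []
    for p in sorted(Path(directory).iterdir()):
        if not p.is_file():
            continue
        text = p.read_text(errors="replace")
        if not text.lstrip().startswith("-----BEGIN") or "PRIVATE KEY" not in text:
            continue                         # public keys, known_hosts, config
        if not key_is_encrypted(text):
            unprotected.append(p.name)
    return unprotected

# Constructed sample keys (not real key material): only the header fields the
# check reads are filled in; the key list itself is left empty.
def _openssh_blob(cipher: bytes, kdf: bytes) -> str:
    body = OPENSSH_MAGIC
    for field in (cipher, kdf, b""):         # ciphername, kdfname, kdfoptions
        body += struct.pack(">I", len(field)) + field
    body += struct.pack(">I", 1)             # number of keys
    b64 = base64.b64encode(body).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n"
            + "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

UNPROTECTED_KEY = _openssh_blob(b"none", b"none")
PROTECTED_KEY = _openssh_blob(b"aes256-ctr", b"bcrypt")
PEM_PROTECTED = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                 "DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\n"
                 "AAAA\n-----END RSA PRIVATE KEY-----\n")
```

Running `audit_dir` over a user's `~/.ssh` lists the Plan C keys the server-side policy cannot catch; it makes no attempt to recover or use the keys, only to classify them.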