In the case of a passphrase-protected RSA key, the server knows nothing
about it, so you would never be able to enforce that. It's on the
client side that the key is decrypted with the passphrase
before submitting it to the server.
Patrick


On Mon, Nov 21, 2011 at 1:19 PM, Mm Bsd <[email protected]> wrote:
> Let's say I'd like to add a small amount of extra security to my SSH login 
> process.
>
> Let's say I decide the way I want to do this is by requiring BOTH a password 
> and an RSA key.  There appear to be patches, or procedures, that allow me to 
> do this.  So to log in, I would be required to enter a normal unix password, 
> but I would ALSO be required to hold a proper RSA public key.
>
> My question is this:
>
> In terms of security (and correctness?) what's the difference between this
> (unix password + SSH RSA key) and simply generating my RSA key *with* a
> password? Both ways require me to "have something" and "know something",
> but they are obviously different, technically.
>
> Comments on the difference, and relative security of the two methods?
>
> _______________________________________________
> [email protected] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[email protected]"
>
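
The point made in the reply above, as an added example that is not part of the original thread: putting a passphrase on a key rewrites only the private-key file on the client, while the public half (the part a server keeps in `authorized_keys`) stays byte-for-byte the same, so the server has nothing it could check. It assumes OpenSSH's `ssh-keygen` is installed; the file name `id_demo` and both passphrases are constructed sample values.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Requires OpenSSH's ssh-keygen.
set -eu

# Prints "pubkey=<same|different> wrongpass=<rejected|accepted>".
# The body runs in a subshell so its variables and temp dir stay local.
passphrase_is_client_side() (
    dir=$(mktemp -d)
    trap 'rm -rf "$dir"' EXIT
    key="$dir/id_demo"                      # constructed file name
    pass='constructed-example-passphrase'   # constructed sample value

    # 1. Generate a key with NO passphrase and record its public half.
    ssh-keygen -q -t rsa -b 2048 -N '' -C demo -f "$key" >/dev/null
    plain_pub=$(ssh-keygen -y -f "$key" | cut -d' ' -f1,2)

    # 2. Put a passphrase on the SAME key. Only the private file changes.
    ssh-keygen -q -p -P '' -N "$pass" -f "$key" >/dev/null
    enc_pub=$(ssh-keygen -y -P "$pass" -f "$key" | cut -d' ' -f1,2)

    # 3. The public half is what a server would hold; compare the two.
    if [ "$plain_pub" = "$enc_pub" ]; then
        pub=same
    else
        pub=different
    fi

    # 4. The passphrase check happens locally, when the file is decrypted:
    #    a wrong passphrase fails here, without any server being involved.
    if ssh-keygen -y -P 'wrong-passphrase' -f "$key" >/dev/null 2>&1; then
        wrong=accepted
    else
        wrong=rejected
    fi

    echo "pubkey=$pub wrongpass=$wrong"
)

passphrase_is_client_side
```
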