SSH Security

Synister Syntax synistersyntaxlist at gmail.com
Wed Dec 7 19:43:33 UTC 2005


     At the same rate, why not just use a key/password solution.  Its the
best of both worlds.  You have the security of a privete key, where only the
key holder may unlock the door.  Then you have the bouncer waiting on the
otherside of the door, to make sure you have the right code.

What I am trying to say is:
     Passwords arn't all that hard to type, but they can lack in the
security department.  Either they are too short, or the "bad guys" simply
brute force you to death and get it.  Eitherway, they them selves are far
from a cure all.
     On the other hand we have keys.  You have to have the key to get in,
thats all great untill, you let someone use yoru computer.  Or borrow the
usb drive.

     Use both and your so much farther ahead.  They would have to
steal/crack your key, and crack your password.

- SynSyn

On 12/7/05, peter kostov <fedora at light-bg.com> wrote:
>
> On Wed, 2005-12-07 at 11:36 -0500, Scot L. Harris wrote:
> > On Wed, 2005-12-07 at 10:09, Matthew Miller wrote:
> > > On Wed, Dec 07, 2005 at 09:53:56AM -0500, Scot L. Harris wrote:
> > > > > I am not saying not to use key based authentication, but it is not
> a
> > > > > cure all.
> > > > You are correct, there are no magic bullet solutions.  Typically you
> > > > would still use a password/passphrase to use your private key.  Of
> > > > course the same rules apply as to any password, use a good
> non-trivial
> > > > one that can not be guessed.
> > >
> > > And even more so than normal, since anyone with a copy of the key can
> > > attempt to brute-force the passphrase at their leisure.
> >
> > Which is why you need to protect your private key....
> >
> And what about storing the private key on a memory card or usb memory
> stick?
>
> Peter
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/users/attachments/20051207/fc50b8e1/attachment-0002.html 


More information about the users mailing list