Re: ultrasecure sshd server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



2011/6/10 Les Mikesell <lesmikesell@xxxxxxxxx>:
> On 6/10/2011 3:35 AM, Ljubomir Ljubojevic wrote:
>> Robert Spangler wrote:
>>> On Thursday 09 June 2011 17:34, the following was written:
>>>
>>>>   How to configure sshd to required both ssh public key and user
>>>>   password also? yes, stupid, but required on my setup..
>>>
>>> Have you thought about securing your ssh keys with a pasword? I do that here
>>> so if someone would happen to get a hold of my keys they still could not use
>>> them.  I am guessing that is why you are looking for both keys and passwords.
>>>
>>>
>> Not really. My view is so he can authenticate from his own PC without
>> the need to type the password, but if he is on someone else's system he
>> whould use regular password. That is what I would like to be able to do.
>
> That's just normal behavior when both are enabled.  If the key works,
> you don't get the password prompt.  But even in the 'ultrasecure'
> scenario of requiring both, do you really want people typing their
> passwords on equipment that might have a keylogger running?

Yes, because of compliancy requirements. ssh public key does not
support expiring public keys. (maybe you can use cron job to delete too
old public keys from server?)


--
Eero
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux