Hi Marko,

> Using the ssh key can be problematic because it is too long and too random to
> be memorized --- you have to carry it on a usb stick (or wherever). This
> provides an additional point of failure should your stick get lost or stolen.

This is only correct when you use SSH keys without a sufficiently secure passphrase. Which you obviously should never do. If you have a passphrase with your key, finding or stealing the USB stick is completely useless, and even if someone gets at your key, you're no worse off than with password authentication.

> Human brain is still by far the most secure information-storage device. :-)

I strongly disagree. Social engineering is a very efficient way to get at other people's data.

> It is very inconvenient for people who need to login to their servers from
> random remote locations (ie. people who travel a lot or work in
> hardware-controlled environment).

Agreed.

> Besides, it is essentially a question of overkill. If password is not good
> enough, you could argue that the key is also not good enough --- two keys (or
> a larger one) would be more secure. Where do you draw the line?

One key is indefinitely better than a password. The additional security you gain when you add another key is, however, disputable.

Best regards,
Peter.