On Tue, Oct 22, 2024 at 11:33:27AM +0200, Jan Eden via openssh-unix-dev wrote: > On 2024-10-22 09:14, Chris Green wrote: > > > OK, I think I have realised what has been confusing me (and, maybe > > you, in the plural). > > > > I have been looking at this security question with a sort of 'tunnel > > vision', I'm concerned with login security of remote systems **when > > viewed from my desktop**. For this specific case, i.e. when someone > > is sitting at my desk, or has my laptop in front of them, there is > > little to choose between password and public-key authentication. To > > break either, all the intruder has to do is guess/break my password or > > the passphrase protecting my public-key. > > A little late to chime in, but if you are so concerned about access to > your laptop, there are measures unrelated to SSH you could take. Your > scenario sounds as if anyone could sit down at your desk and immediately > proceed to brute-forcing your credentials for SSH connections. Wouldn't > it be possible to physically restrict access to your desk and/or laptop? > Yes, quite. The physical security of systems is probably much more important than whether one allows password authentication or not! I do try and make sure that there is nothing important (i.e. worth stealing) on my systems that isn't in encrypted files. My concerns about ssh access are more to do with data preservation, i.e. not wanting to lose old photographs and files, rather than their monetary value. -- Chris Green _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev