Re: Security of ssh across a LAN, public key versus password


 



On 22/10/24 04:26, Chris Green wrote:
> It's also **much** more difficult to keep all those keys etc. well
> organised.  What has brought me to this question is the mixed
> collection of RSA and ed25519 keys all over lots of systems getting
> very difficult to keep under control, and thus error prone (=insecure).
> If I went back to all passwords life would be so much easier!

Life for me actually became a lot easier when I bought myself an OpenPGP-enabled security token and learned to use the SSH agent support built into GnuPG.

If I take the token with me when I go out, someone who breaks in does not have access to my private key, because it's not stored on the computer.

If I forget to take the token with me, they get 3 guesses at correctly entering the passphrase to unlock it before the device locks itself. The only real vulnerability is if I leave it plugged-in and unlocked, but then the moment they unplug the device or power off the host it's plugged into: game over.
--
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
  ...it's backed up on a tape somewhere.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


