On 21.10.24 20:26, Chris Green wrote:
I have a small LAN at home with nine or ten systems on it running various varieties of Linux. I 'do things' on the LAN either from my dekstop machine or from my laptop, both run Xubuntu 24.04 at the moment. There's a couple of headless systems on the LAN where login security is important to me and I've been thinking about the relative merits of password and public-key authentication. [...] If someone 'breaks in' (in the physical or computer sense) to my desktop then how might they attack another system on the LAN? [...] [...] If I went back to all passwords life would be so much easier!
As has already been pointed out, if someone manages to break into your workplace machine, the (past) security of the rest of the network is usually not the most pressing concern, much less your only one. But let's stick to that, for the sake of the argument.
Subverting your workplace machine - the same account you log in as, or even a superuser - gives the attacker a lot of possibilities, essentially getting his hands on all data that passes through that computer, from keystrokes to (before-/after-encryption) network communication to the contents of your screen. If that's a scenario probable enough to make it a concern, and the consequences for the other hosts in your LAN important enough to consider, the question to answer is not "which auth protocol spoken *by the subverted machine* is a bit harder to catch as well" but "how do get I get the relevant secrets *off* that machine and into an *actually* secure location".
Thanks to Yubikeys and similar devices, that is actually feasible, but it also makes it quite clear why *then* using keypair auth is vastly preferable: A password still needs to travel through the insufficiently secure machine whenever you use it, and can get snarfed there; a private key, on the other hand, never leaves the extra device and the worst the attacker can achieve is to *somehow* piggyback onto *your* activity (which will definitely not be as easy as copy-pasting a password out of a data stream recorded way-back-when).
do people use a password managerNot for passwords, I remember all the ones I use a lot.
Then I have a thought experiment for you: Let's assume that you found your workplace machine to be hacked and are now busy setting up a new one from scratch. Which of these two subtasks sounds easier to do:
a) Create new keypairs, possibly reusing the old passphrases for them (because either you succeeded in making the new setup more secure, then reusing the passphrases won't matter, or you didn't, then the attacker would likely eavesdrop new ones soon-ish, anyway)
b) Replace *every* password and *memorize* them all, preferably from one day to the next
Kind regards, -- Jochen Bern Systemingenieur Binect GmbH
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
