--- On Fri, 6/6/08, Bond Masuda <bond.masuda@xxxxxxxxxx> wrote:

> From: Bond Masuda <bond.masuda@xxxxxxxxxx>
> Subject: Re: Allowing remote root login seems to be bad. Why? (SUMMARY)
> To: secureshell@xxxxxxxxxxxxxxxxx
> Date: Friday, June 6, 2008, 4:17 AM
>
> Hari Sekhon wrote:
> > I am a little surprised people have not been talking about ssh-key-only
> > logins (but then I didn't bother mentioning it until now either... ;-) )
>
> In my experience, using public key authentication is often more of a
> security risk, depending on the situation. If the remote machine that
> holds the private key (and some store this with no password for
> convenience) is compromised, they immediately have an open door into
> your server. You may have no control how passwords are enforced, updates
> are applied, or if any security is implemented on the remote end.
> Setting up public key authentication, in effect, extends your "trust
> domain" to a server that may not be so trustworthy. To me, it makes
> more sense to rely on security I can control. (which is often not the
> case if it is some other user's office desktop or workstation)
>
> -Bond

There are some good reasons to force key authentication. You can set up some good rules in the authorized_keys file, and on a user-to-user basis. Some examples:

    from="pattern-list"
    no-agent-forwarding
    no-port-forwarding
    no-pty
    no-X11-forwarding
    permitopen="host:port"
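Added example, not part of the original message or of OpenSSH: a small audit that parses an authorized_keys file and reports, for each key, which of the restrictions listed above it does not carry. It goes slightly beyond the message by also honouring the newer `restrict` option; the function names, sample hosts and key blobs are constructed placeholders.

```python
import re

KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")  # start of the key field
FEATURES = ("agent-forwarding", "port-forwarding", "pty", "x11-forwarding")
# One option: name, optional ="value" (value may contain \" escapes), then a separator.
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?(?:,|[ \t]+|$)')

def parse_entry(line):
    """Split one authorized_keys line into (ordered options, key type, comment)."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    opts, pos = [], 0
    while not line.startswith(KEY_TYPES, pos):   # still inside the options field
        m = OPTION.match(line, pos)
        if not m:
            raise ValueError("malformed option field: %r" % line[:40])
        opts.append((m.group(1).lower(), m.group(2)))
        pos = m.end()
    ktype, _blob, *rest = line[pos:].split(None, 2)  # ValueError if key data is missing
    return opts, ktype, rest[0] if rest else ""

def missing_restrictions(opts):
    """List which restrictions from the message a key does not carry."""
    allowed = dict.fromkeys(FEATURES, True)      # everything is permitted by default
    for name, _value in opts:                    # options apply in the order written
        if name == "restrict":                   # newer catch-all, not in the message
            allowed = dict.fromkeys(FEATURES, False)
        elif name in allowed:                    # e.g. "pty" re-enables after restrict
            allowed[name] = True
        elif name.startswith("no-") and name[3:] in allowed:
            allowed[name[3:]] = False
    gaps = [] if any(n == "from" for n, _ in opts) else ["from"]
    return gaps + ["no-" + f for f in FEATURES if allowed[f]]

def audit(text):
    """Map each key's comment to its missing restrictions ([] = none missing)."""
    entries = filter(None, map(parse_entry, text.splitlines()))
    return {comment: missing_restrictions(opts) for opts, _type, comment in entries}

# Constructed sample file; the key blobs are placeholders, not real keys.
SAMPLE = '''\
# backup account
from="192.0.2.10,*.example.org",no-agent-forwarding,no-port-forwarding,no-pty,no-X11-forwarding ssh-ed25519 AAAAC3PLACEHOLDER1 backup@host
no-pty,permitopen="db.example.org:5432" ssh-rsa AAAAB3PLACEHOLDER2 tunnel@host
ssh-rsa AAAAB3PLACEHOLDER3 admin@laptop
restrict,pty ssh-ed25519 AAAAC3PLACEHOLDER4 ops@host
'''
print(audit(SAMPLE))
```

A key with an empty list carries every restriction named in the message; `permitopen` is parsed but not scored, since it narrows forwarding rather than disabling it.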