RE: SSH Security



> On Wed, 2005-12-07 at 09:35, STYMA, ROBERT E (ROBERT) wrote:
> > > Key based authentication is the right way to go. You should disable
> > > root ssh access completely.
> > >
> >
> > Key based authentication is good, but there is one caveat. Straight
> > key based allows you to log in directly without typing a password.
> > If you are ssh'ing from work to home from a UNIX machine, any sys-admin
> > with the root password on your work machine can become you and then
> > ssh to your home machine as you with no password. Maybe you don't care
> > if your sysadmin is dinking around in your home machine and maybe you do.
> >
> > I am not saying not to use key based authentication, but it is not a
> > cure all.
>
> You are correct, there are no magic bullet solutions. Typically you
> would still use a password/passphrase to use your private key. Of
> course the same rules apply as to any password, use a good non-trivial
> one that can not be guessed.

You should use a passphrase to use with your private key, unless you're
using SSH between servers on the same subnet (preferably without third-party
network components) and the boxes use the same passwords.

Kind regards,

Jeroen van Meeuwen

--
kanarip

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
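
The advice in this thread is to protect the private key with a passphrase. The following is an added example, not part of the original messages: a check that reports which private key files are stored without one. It assumes the key is either in the newer OpenSSH format (ciphername field "none" means no passphrase) or in legacy PEM format (a Proc-Type header marks encryption); the function names and sample keys are constructed for illustration.

```python
import base64
import struct
from pathlib import Path

MAGIC = b"openssh-key-v1\x00"  # prefix of the decoded new-format key blob

def key_is_encrypted(text):
    """True if the private key needs a passphrase, False if stored in the clear."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 2 or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-armoured key")
    label = lines[0][len("-----BEGIN "):-len("-----")]
    body = lines[1:-1]
    if label == "ENCRYPTED PRIVATE KEY":      # PKCS#8 encrypted container
        return True
    if label == "OPENSSH PRIVATE KEY":
        blob = base64.b64decode("".join(body))
        if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 4:
            raise ValueError("bad openssh-key-v1 header")
        off = len(MAGIC)
        (n,) = struct.unpack(">I", blob[off:off + 4])
        return blob[off + 4:off + 4 + n] != b"none"   # ciphername field
    # Legacy PEM (RSA/DSA/EC PRIVATE KEY): encryption is flagged in the headers.
    return any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in body)

def unprotected_keys(directory):
    """Names of files in `directory` holding a private key with no passphrase."""
    found = []
    for path in sorted(Path(directory).iterdir()):
        try:
            text = path.read_text(errors="replace")
            if "PRIVATE KEY-----" in text and not key_is_encrypted(text):
                found.append(path.name)
        except (OSError, ValueError):
            continue   # unreadable or not a key file: skip
    return found

def sample_openssh(cipher):
    """Constructed header-only sample (magic, ciphername, kdfname); not a usable key."""
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = MAGIC + s(cipher) + s(b"none" if cipher == b"none" else b"bcrypt")
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n"
            + base64.b64encode(blob).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

# Constructed legacy-format samples; the bodies are placeholders, not key material.
LEGACY_CLEAR = "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"
LEGACY_ENCRYPTED = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                    "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\n"
                    "AAAA\n-----END RSA PRIVATE KEY-----\n")
```

Calling unprotected_keys() on a user's ~/.ssh directory lists the key files that anyone able to read them could use without typing a passphrase.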


