[Ach] Fwd: SSH Pubkey authentication?

Peter van Dijk peter at 7bits.nl
Mon Jan 6 18:05:45 CET 2014


Hi Lorenz,

as a point of interest, please realise that an administrator has no way to enforce pass phrases on private keys!

Cheers, Peter

On 06 Jan 2014, at 18:02, Lorenz Intichar <lorenz at intichar.at> wrote:

> Hi Aaron,
> 
> just as a matter of interest: What security-wise disadvantages do you see
> in ssh pubkey authentication, especially with a private key password set?
> 
> A big advantage is (of course) that password-guessing is impossible with
> just pubkey, a disadvantage is that the right private key has to be present
> wherever the operator is, possibly on unsafe devices like smartphones. But
> that issue is (hopefully) sufficiently addressed by password-protecting
> the private key?
> 
> Best regards,
> Lorenz
> 
> 
>> Hi,
>> 
>> Axel Hübl wrote:
>>> Hi Lorenz,
>>> 
>>> I think promoting
>>>> PasswordAuthentication no
>>> 
>>> is a good thing and worth adding, too.
>> I disagree. That's for administrators to decide if they want to use
>> public key authentication or password auth. Both have advantages and
>> disadvantages (security-wise and operational).
>> 
>> Aaron
>> 
>> _______________________________________________
>> Ach mailing list
>> Ach at lists.cert.at
>> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
>> 

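Added example, not part of the original thread: whether a private key has a passphrase is recorded only in the key file on the client, which sshd never sees during public key authentication. The Python below reads that state from a key file's text, so a user or a managed-workstation audit can check it locally. The function names are hypothetical, and the sample keys are constructed headers with no key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"  # AUTH_MAGIC from OpenSSH's PROTOCOL.key

def _ssh_string(buf, off):
    """Read one length-prefixed SSH string; return (value, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n

def key_is_encrypted(text):
    """True if the private key file text is passphrase-protected, else False."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-armoured private key")
    label = lines[0][len("-----BEGIN "):].rstrip("-")
    if label == "OPENSSH PRIVATE KEY":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        cipher, off = _ssh_string(blob, len(MAGIC))
        kdf, _ = _ssh_string(blob, off)
        return not (cipher == b"none" and kdf == b"none")
    if label == "ENCRYPTED PRIVATE KEY":   # PKCS#8, encrypted
        return True
    if label == "PRIVATE KEY":             # PKCS#8, unencrypted
        return False
    if label.endswith(" PRIVATE KEY"):     # legacy RSA/DSA/EC PEM
        return any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines)
    raise ValueError("unrecognised key type: " + label)

def constructed_openssh_key(cipher, kdf):
    """Constructed sample: header fields only, no key material."""
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = MAGIC + s(cipher) + s(kdf) + s(b"") + struct.pack(">I", 1)
    body = base64.b64encode(blob).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + body +
            "\n-----END OPENSSH PRIVATE KEY-----\n")

# Constructed legacy PEM samples (placeholder body, not real keys).
LEGACY_PLAIN = "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"
LEGACY_ENC = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
              "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\n"
              "AAAA\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name, key in [("openssh plain", constructed_openssh_key(b"none", b"none")),
                      ("openssh enc", constructed_openssh_key(b"aes256-ctr", b"bcrypt")),
                      ("legacy plain", LEGACY_PLAIN), ("legacy enc", LEGACY_ENC)]:
        print(name, key_is_encrypted(key))
```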