[Gllug] Restricting ssh public key access

John Edwards John.Edwards at cornerstonelinux.co.uk
Fri Aug 2 09:18:31 UTC 2002


On Fri, Aug 02, 2002 at 09:07:53AM +0100, Tethys wrote:
> 
> >Don't forget that if your clients' boxes aren't considered "safe",
> >password auth is just as dangerous as public key access. i.e. if someone
> >can get sufficient access to swipe their private key, they can generally
> >snoop the password just as easily :/
> 
> True to an extent. However, if the clients are laptops (which they
> generally are, in this case), then they're prone to theft. A stolen
> laptop with a stored private key will give access to my machines,
> whereas if they were forced to use password authentication, they
> wouldn't get anywhere.
> 
> Tet

Don't you need a passphrase to use the private key?

Or are you also worried that people will set this to something
that is easy to brute force or, even worse, leave it blank?

-- 
#------------------------------------------------------------#
|      John Edwards    Email: John.Edwards at uk.com            |
|                                                            |
|     "Security vulnerabilities are here to stay."           |
|   Scott Culp, Manager, Microsoft Security Response Center  |
#------------------------------------------------------------#

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug



