[Gllug] Restricting ssh public key access

John Hearns john.hearns at cern.ch
Fri Aug 2 08:30:25 UTC 2002


On Fri, 2002-08-02 at 10:07, Tethys wrote:
> 
> >Don't forget that if your clients' boxes aren't considered "safe",
> >password auth is just as dangerous as public key access. i.e. if someone
> >can get sufficient access to swipe their private key, they can generally
> >snoop the password just as easily :/
> 
> True to an extent. However, if the clients are laptops (which they
> generally are, in this case), then they're prone to theft. A stolen
> laptop with a stored private key will give access to my machines,
> whereas if they were forced to use password authentication, they
> wouldn't get anywhere.

I've always been in favour of physical tokens or keys,
for example SecurID. (Only ever been able to persuade management
once to get SecurID).
I've also recently seen an advert from Targus pushing the use of
these USB storage dongles for keeping SSH keys.
Thoughts on that folks?

There is something deep within our society which attaches importance
to keys:
"The key of the door" at 21 years of age
Estate agents make a big play of not handing over keys till money and
contracts have firmly changed hands - physical possession of keys
somehow grants rights of entry/possession.
Importance is attached in companies to handing office keys out,
and back again at end of contracts.




IMHO - that's why users and admins don't feel strongly about
passwords - they are called passwords, and are just words.
(I suppose those who are strongly into wizardry and Tolkien would
disagree, but I digress)


-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug



