[Gllug] ssh authentification
Richard Jones
rich at annexia.org
Tue Jul 18 09:19:20 UTC 2006
On Tue, Jul 18, 2006 at 12:38:19AM +0100, Dylan wrote:
> Is it possible to configure ssh to require BOTH the public key and a
> password when accessed from outside the local network?
What's the threat you're trying to prevent here? It sounds to me a
bit like a misguided corporate policy requiring users to use passwords
to access your network.
If the threat is that someone could steal a laptop containing a
private key and access the network, then put a passphrase on that key.
You should really do this anyway.
If the threat is that someone might try to access the network from an
unauthorised device (eg. a compromised Windoze PC in an internet cafe
or at home) using just a password, then public keys will stop that.
Unless people are clever & stupid enough to copy the private key to
the unauthorised device, but then there's no way to stop that short of
some sort of trusted computing setup.
Rich.
--
Richard Jones, CTO Merjis Ltd.
Merjis - web marketing and technology - http://merjis.com
Team Notepad - intranets and extranets for business - http://team-notepad.com
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list