[Gllug] ssh authentification

[Tethys]

Richard Jones writes:

>If the threat is that someone could steal a laptop containing a
>private key and access the network, then put a passphrase on that key.
>You should really do this anyway.

The problem is that it's very difficult to enforce that. If a staff
member wants to install a passwordless keypair that gives them access
to your systems, how do you prevent it?

When I faced the same problem before, I went for the two factor
authentication approach. No matter whether you used a password or
public key to get in, you couldn't get any further until you'd
supplied a one time password that was sent out of band (via SMS to
your mobile phone).

Tet
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug