[Gllug] ssh authentification

Bruce Richardson itsbruce at uklinux.net
Tue Jul 18 16:36:27 UTC 2006

On Tue, Jul 18, 2006 at 12:41:41PM +0100, Martin wrote:
> Tethys wrote:
> >The problem is that it's very difficult to enforce that. If a staff
> >member wants to install a passwordless keypair that gives them access
> >to your systems, how do you prevent it?
> >  
> Have the user send you both the public and private keys and test using 
> ssh -i
> Not ideal, I agree, but does enforce the policy.

It doesn't, because there is nothing to stop the user keeping an
unprotected copy of the key.  The passphrase is used to decrypt the key
on the client side and the server does nothing to verify that.


The ice-caps are melting, tra-la-la-la.  All the world is drowning,
tra-la-la-la-la.  -- Tiny Tim.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20060718/5e0e4cf9/attachment.pgp>
-------------- next part --------------
Gllug mailing list  -  Gllug at gllug.org.uk

More information about the GLLUG mailing list