[Gllug] ssh authentification
Bruce Richardson
itsbruce at uklinux.net
Tue Jul 18 16:36:27 UTC 2006
On Tue, Jul 18, 2006 at 12:41:41PM +0100, Martin wrote:
> Tethys wrote:
> >The problem is that it's very difficult to enforce that. If a staff
> >member wants to install a passwordless keypair that gives them access
> >to your systems, how do you prevent it?
> >
>
> Have the user send you both the public and private keys and test using
> ssh -i
>
> Not ideal, I agree, but does enforce the policy.
It doesn't, because there is nothing to stop the user keeping an
unprotected copy of the key. The passphrase is used to decrypt the key
on the client side and the server does nothing to verify that.
--
Bruce
The ice-caps are melting, tra-la-la-la. All the world is drowning,
tra-la-la-la-la. -- Tiny Tim.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20060718/5e0e4cf9/attachment.pgp>
-------------- next part --------------
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list