[Gllug] Selective SSH logins
John Winters
john at sinodun.org.uk
Wed Aug 27 12:06:28 UTC 2008
Nix wrote:
> Yeah, I don't allow random strangers with root into my house.
There I think you've put your finger on the nub - those who say that
crypto keys don't add any security are missing the point that it depends
on what your configuration and requirement is.
If you're running a general system to which a lot of people have access
(via ssh) then it's true to say that your general security is only going
to be as good as the practices of your most lax user - whether that user
authenticates with a password or a key. If said user keeps his password
in a file or taped to his monitor then you have just the same sort of
problem as if he keeps his crypto key on a Windows box riddled with
spyware. Regardless of how such users connect, you need to screw down
their permissions once they're on your box as far as you can.
Consider however the case of a remote headless server (colo or virtual)
to which you want access for yourself but not for anyone else. There
the object of the exercise is to ensure that said box is *as secure* as
the local box from which you're connecting, despite it being out in the
big bad cloud. In this case the forbidding of password log on does add
significantly to your security. A system which allows password logon
can potentially be brute-forced - and you need run a visible box with
ssh on port 22 for only a short while to discover that there are indeed
lots of instances of malware out there trying to do exactly that. The
use of crypto keys in this case significantly increases your security.
(And before anyone starts putting up straw men, I'm *not* advocating
crypto keys as a substitute for anything else - as always you should use
all the measures which you can.)
John
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list