[Gllug] Selective SSH logins

- Tethys tethys at gmail.com
Tue Aug 26 12:39:35 UTC 2008


On Tue, Aug 26, 2008 at 1:26 PM, James Laver <gllug at jameslaver.com> wrote:

> I assume you have reasonable justification beyond "I'm incapable of keeping
> my private key safe"?

That's justification enough in my eyes. Overall system security is
only as strong as its weakest component. The more remote users you
have, the higher the chance that one of them has a compromised private
key. Don't get me wrong, ssh keys have their uses, and I use them
extensively. But they're not without their problems, and few seem to
admit that those problems exist. Like everything else in the security
world, ssh keys are a tradeoff. In this case, increasing protection
against snooping, at the expense of losing control over the security
of the private keys (and hence overall system security).

Tet

-- 
Perl is like vise grips. You can do anything with it but it is the
wrong tool for every job. -- Bruce Eckel
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list