[Gllug] sudo authentication against ssh key

- Tethys tethys at gmail.com
Mon Jul 20 17:58:34 UTC 2009


On Mon, Jul 20, 2009 at 6:30 PM, James
Courtier-Dutton<james.dutton at gmail.com> wrote:

> I would go with the two factor authentication is better than one
> factor authentication.

So would I. However, public key authentication isn't two factor. It's
a single factor, just like a password is. Like anything when it comes
to IT security, it's a trade off. With a key pair, the password/phrase
is never transmitted over the wire. That would appear to be a win at
first glance. But that's not necessarily true. Although there are no
end of theoretical vulnerabilities, the main ones I can see are:

Key pair:
- Protocol vulnerability allows sniffing of data.
- Private key is discovered by attacker through local exploit on client
  at any time.

Password:
- Protocol vulnerability allows sniffing of both data and password.
- Password is discovered by attacker through keylogging or similar on client
  at authentication time.

Of those, I'd say the private key being discovered is a higher risk
than the others by orders of magnitude. You're effectively outsourcing
your security to your end users, a demographic not usually renowned
for being particularly good at it. Hell, half of them may well not
even have their private keys protected by a passphrase, and you have
no way of enforcing that either, because it's out of your hands. Put
simply, I don't trust end users to keep their private key sufficiently
private. If your end users are sufficiently security aware that you
*do* trust them to keep their client machines secure, then that's
fine. It's very rare to find such users, though, even in an IT
department. YMMV.

Tet

-- 
The greatest shortcoming of the human race is our inability to
understand the exponential function -- Albert Bartlett
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
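As an added example that is not part of this thread, here is a small Python check for the point above about passphrase-less private keys: it parses the two OpenSSH on-disk formats and reports whether a key file is encrypted. The function names and the sample blobs are my own constructions, and the check can only audit key files you hold yourself, not whatever a remote user keeps on their client.

```python
import base64
import struct

# Added example, not code from the Gllug thread: report whether an OpenSSH
# private key file is passphrase-protected, in either on-disk format.
MAGIC = b"openssh-key-v1\x00"  # magic of the newer openssh-key-v1 container

def _read_string(buf, off):
    """Read one SSH wire-format string (uint32 big-endian length + bytes)."""
    (n,) = struct.unpack(">I", buf[off:off + 4])
    return buf[off + 4:off + 4 + n], off + 4 + n

def key_is_encrypted(pem_text):
    """True if the key needs a passphrase, False if it is stored in the clear.
    Raises ValueError when the input is not an SSH private key."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    if len(lines) < 2 or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-style private key")
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        # openssh-key-v1 layout: magic, ciphername, kdfname, kdfoptions, nkeys
        body = base64.b64decode("".join(lines[1:-1]))
        if not body.startswith(MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        cipher, _ = _read_string(body, len(MAGIC))
        return cipher != b"none"  # ciphername "none" means no passphrase
    # Legacy PEM (RSA/DSA/EC PRIVATE KEY): encryption is signalled by a
    # "Proc-Type: 4,ENCRYPTED" header line before the base64 body.
    return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln
               for ln in lines[1:-1])

def _ssh_string(b):
    return struct.pack(">I", len(b)) + b

def make_sample_v1(cipher):
    """Constructed openssh-key-v1 header only (no key material), for tests."""
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    body = (MAGIC + _ssh_string(cipher) + _ssh_string(kdf)
            + _ssh_string(b"") + struct.pack(">I", 1))
    b64 = base64.b64encode(body).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + b64
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

# Constructed legacy PEM samples with placeholder bodies, not real keys.
LEGACY_ENCRYPTED = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                    "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\n"
                    "QUJD\n-----END RSA PRIVATE KEY-----\n")
LEGACY_PLAIN = "-----BEGIN RSA PRIVATE KEY-----\nQUJD\n-----END RSA PRIVATE KEY-----\n"
```

Run it over the files in your own ~/.ssh (or wherever your admins keep their keys) to find the ones with no passphrase; a real openssh-key-v1 file has key material after the header, which this check does not need to read.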



