[Klug-general] Problem getting ssh to use PublicKeyAuthentication :-(
Mike Evans
mike at tandem.f9.co.uk
Sun May 10 19:45:02 UTC 2009
Stephen Fraser wrote:
> The idea isn't supposed to be 'password-less', ideally you would generate
> a key with its own passphrase anyway. The point in using ssh keys is
> increased security as not only do you have to know the passphrase of
> the key, you also need to have the key in the first place. This pretty
> much makes the risk of brute-force password attacks zero.
Personally I like the idea of 'single port knocking'. This is a
technique where instead of exchanging keys for the ssh login you send a
key in a UDP packet. Because UDP is connectionless the port you use
does not appear to be 'open' to the outside world. Provided you contact
the correct port (which is an opportunity for security by obscurity -
always a nice additional touch, just pick a whacky port number) and your
packet contains a valid key the system opens its firewall for incoming
connections from your IP address only for a short time. You make your
connection (ssh or whatever other protocol) within the specified time
and then packets on that connection are accepted until the connection is
closed. Clever eh?
I like the idea but don't have cause to implement it: my firewall takes
the "abandon hope all ye who enter here" approach to security :)
Mike
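
The knock-then-open flow described in the message above, as an added example that is not part of the original post or of any existing tool. The packet layout (timestamp, random nonce, HMAC-SHA256 tag), the names `make_knock` and `KnockGate`, the time windows, and the in-memory allow table standing in for real firewall rules are all assumptions.

```python
import hashlib
import hmac
import os
import struct
import time

# All names and the packet layout below are assumptions made for this example.
SECRET = b"constructed-demo-secret"   # constructed shared key, not a real one
MAX_SKEW = 30                         # seconds a knock timestamp stays fresh
OPEN_FOR = 20                         # seconds the firewall stays open for the sender
HEADER = struct.Struct("!Q16s")       # 8-byte timestamp + 16-byte random nonce


def make_knock(secret, now=None):
    """Client side: build the UDP payload (header + HMAC-SHA256 tag)."""
    header = HEADER.pack(int(now if now is not None else time.time()), os.urandom(16))
    return header + hmac.new(secret, header, hashlib.sha256).digest()


class KnockGate:
    """Server side: validate knocks and track per-IP allow windows."""

    def __init__(self, secret):
        self.secret = secret
        self.seen = {}      # nonce -> timestamp, to reject replayed packets
        self.allowed = {}   # source IP -> time the allow window closes

    def handle(self, payload, src_ip, now):
        if len(payload) != HEADER.size + 32:
            return False    # wrong size: drop silently, never reply
        header, tag = payload[:HEADER.size], payload[HEADER.size:]
        expected = hmac.new(self.secret, header, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False    # sender does not hold the key
        ts, nonce = HEADER.unpack(header)
        if abs(now - ts) > MAX_SKEW or nonce in self.seen:
            return False    # stale or replayed capture
        # Forget nonces too old to pass the freshness check anyway.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_SKEW}
        self.seen[nonce] = ts
        self.allowed[src_ip] = now + OPEN_FOR
        return True

    def may_connect(self, src_ip, now):
        """Would the firewall accept a new connection from src_ip right now?"""
        return now < self.allowed.get(src_ip, 0)
```

The tag here does not cover the source address, so the allow window goes to whichever address a valid, unseen knock arrives from; putting the permitted address inside the authenticated header would bind the two.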