
Re: server security :: user accounts, ssh, passphrases, etc.



On Thu, 3 Apr 2008 12:23:34 -0500
Dave Sherohman <dave@sherohman.org> wrote:

[snip]

> When using public key auth, copy *only* your public key to the server.
> (ssh-copy-id is a handy way to automate this.)  So long as your private
> key remains secure, there is very little risk to an attacker getting
> their hands on the public key - that's kind of the point of public key
> crypto, after all.  Unless they take the time to successfully factor the
> public key, there is no way it can be used to attack your systems; the
> worst they could do with it is grant you access to their server and run
> a keylogger there.

And IIUC, that's what ~/.ssh/known_hosts is all about; if an attacker's
machine presents your public key to you, ssh will give you a scary
warning about the IP / public key mismatch.

Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator
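
The lookup that ~/.ssh/known_hosts supports on the client, as an added example that is not part of the original message: the file records the server's host key per hostname, and a recorded host that presents a different key is what produces the warning. Hostnames, salt and key blobs are constructed samples; wildcard patterns and @cert-authority/@revoked marker lines are not handled.

```python
import base64, hashlib, hmac

def make_blob(seed):
    """Constructed ed25519-shaped public key blob (sample data, not a real key)."""
    raw = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + hashlib.sha256(seed).digest()
    return base64.b64encode(raw).decode()

def hash_host(host, salt):
    """Build a hashed host field, |1|salt|HMAC-SHA1(salt, host), as HashKnownHosts does."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, host):
    """Match a known_hosts host field: hashed form or plain comma-separated names."""
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        want = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(want, base64.b64decode(mac))
    return host in field.split(",")

def fingerprint(blob):
    """SHA256 fingerprint in the form ssh prints: unpadded base64 of the digest."""
    digest = hashlib.sha256(base64.b64decode(blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_host_key(known_hosts, host, keytype, blob):
    """Return 'ok', 'mismatch' (the scary warning) or 'unknown' (first contact)."""
    recorded_other = False
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@":
            continue  # blank lines, comments, marker lines
        if host_matches(fields[0], host) and fields[1] == keytype:
            if fields[2] == blob:
                return "ok"
            recorded_other = True
    return "mismatch" if recorded_other else "unknown"

SERVER, ROGUE = make_blob(b"server"), make_blob(b"rogue")
KNOWN_HOSTS = "\n".join([
    "# constructed sample file",
    "files.example.org,192.0.2.10 ssh-ed25519 " + SERVER,
    hash_host("db.example.org", b"constructed-salt") + " ssh-ed25519 " + SERVER,
])

if __name__ == "__main__":
    for host, blob in [("files.example.org", SERVER), ("db.example.org", ROGUE),
                       ("new.example.org", SERVER)]:
        print(host, fingerprint(blob), check_host_key(KNOWN_HOSTS, host, "ssh-ed25519", blob))
```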

