On Thursday 24 February 2011 16:29:22 Aaron Toponce wrote: > On Thu, Feb 24, 2011 at 05:21:51PM +0100, Sjoerd Hardeman wrote: > > No, it is not. When root logins are allowed, you only need to know > > one password. When root-logins are not allowed, you need to know two > > passwords *and* a user name. > > You assume that the only way into an SSH server is through usernames and > passwords. There are many more ways than that. For example, you might let one user "sudo" without a password, disable root logins via ssh, have every other user (including root) be disabled in /etc/shadow, disable password logins via ssh, and have all other non-root users have a bogus shell like /bin/false. That user of course only have one entry in authorized_keys, and it is a 4242-bit key. Then, no passwords are required to "own" the system, but it is pretty secure anyway, depending on how you manage the private half of that key. Putting it on some sort of secure card that is locked by a 4- or 5-digit PIN + rotating 6- to 8-digits generated and displayed by a separate fob might work. This PIN should be as large as possible within the restriction that no one that has one would ever consider writing it down instead of memorizing it. -- Boyd Stephen Smith Jr. ,= ,-_-. =. bss@iguanasuicide.net ((_/)o o(\_)) ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-' http://iguanasuicide.net/ \_/
Attachment:
signature.asc
Description: This is a digitally signed message part.