
Re: For those who care about pam-ssh: RFC



2008/12/4 Jens Peter Secher <jps@debian.org>:

> To do that you will need to change /etc/pam.d/ssh-auth to
>
>  auth sufficient pam_ssh.so

I know, that's why I'm not complaining =)
Maybe writing it in the README.Debian could be a good idea.

> Hmm, if no one else has access to the computer (including remote
> access) then the passphrase on the SSH keys does not need to be more
> secure than the login password.  On the other hand, if there is remote
> access to the computer, then a weak password will enable an evil
> hacker to get into your account, copy your SSH key and brute-force
> attack the key elsewhere.  So I do not really see your point.

If someone has physical access to my computer, the only security is
encryption. No sense for a strong login password, he could boot with
another OS or take out the HD and directly read the key (both options
will take far less time than brute-forcing even a weak password by
typing tries by hand).
Brute forcing a strong encryption password would take a lot of time
instead (I guess), which at least keeps safe computers not accessible
to anyone else (I'm thinking about a laptop and a home server, if the
laptop gets stolen I can delete the public key on the server).
Please correct me if I'm completely mistaken...
Cheers,
Luca

