
Re: Darn skiddies (ssh login attempts)



Michael Stone wrote:
On Fri, Apr 01, 2005 at 11:43:07AM -0800, Chris Adams wrote:
There's no difference between the two as regards policy - it's a one-line command to change either a password or key,

There's no difference? All of the tools to automatically expire
passwords at a given interval, mandate minimum complexity in passwords,
and then centralize all of that policy exist in a simple plug-and-play
form on a typical debian install? Do tell. Some (not all) of these
things are doable, some aren't even that hard, but they are not widely
deployed or even considered.

Policy was the wrong word - the basic idea is just that either way the users have a password but a private key isn't directly replayable since the attacker doesn't actually receive the key information or password.

That said, expirations would be relatively easy to add but I don't consider them a useful security measure - in practice it seems to increase helpdesk calls and lead to weaker passwords because people use patterns rather than having to memorize a new, strong password every few months.

Central distribution is also quite easy and allows you to decide how much control you want over the process - simply change the authorized key path to a directory which isn't user-writable and use your existing management tools to synchronize changed keys.

Not entirely. With passwords there's the important requirement that a
password actually be sent through a compromised machine. With private
keys, you're in trouble if any machine that the user happened to leave
the key on gets compromised.

Only if the key wasn't protected with a password - sure, it's possible for an attacker to brute-force the key but that's a lot more work than they'd have to do if you're using password authentication and it gives you more time to detect the intrusion and get users to change their keys.

More importantly, good policy also tells users to use ssh-agent instead of copying private keys all over the place - sure, not everyone will do it but the same is true of password policies and at least this measure increases ease of use, rather than penalizing users for being more secure.

Password complexity mandates prevent casual attacks against weak
passwords also. How do you prevent weak rsa key passwords?

The easiest way is simply to replace ssh-keygen with a wrapper which calls cracklib before passing the password to the real ssh-keygen. This also has the advantage of reusing any existing cracklib policy.

Chris
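The ssh-keygen wrapper Chris describes, written out as an added example that is not code from the original thread: it feeds the candidate passphrase to cracklib-check (whose verdict lines look like `<pw>: OK` or `<pw>: <reason>`) and only on acceptance hands it to the real ssh-keygen, so the same dictionary and policy that pam_cracklib enforces for login passwords apply to key passphrases. The binary paths and function names are assumptions, and the sample verdict lines are constructed.

```shell
#!/bin/sh
# Installed ahead of the real binary in PATH (e.g. /usr/local/bin/ssh-keygen).
# Paths below are assumed, not taken from the original post.
REAL_SSH_KEYGEN=/usr/bin/ssh-keygen
CRACKLIB_CHECK=/usr/sbin/cracklib-check

# cracklib-check prints one line per candidate: "<pw>: OK" when accepted,
# otherwise "<pw>: <reason>".  Return 0 only for an OK verdict.
cracklib_verdict_ok() {
    case "$1" in
        *": OK") return 0 ;;
        *)       return 1 ;;
    esac
}

# Reason text after the last ": " of a rejection line (greedy, so a
# passphrase containing ": " does not confuse it).
cracklib_reason() {
    printf '%s\n' "$1" | sed 's/^.*: //'
}

# Run one candidate through cracklib; report the reason on rejection.
check_passphrase() {
    verdict=$(printf '%s\n' "$1" | "$CRACKLIB_CHECK")
    cracklib_verdict_ok "$verdict" && return 0
    printf 'ssh-keygen: passphrase rejected: %s\n' \
        "$(cracklib_reason "$verdict")" >&2
    return 1
}

# Interactive loop: keep asking until cracklib accepts, then generate.
# Generation options (-t, -b, -f, ...) are passed through untouched.
main() {
    while :; do
        printf 'Enter passphrase (checked against cracklib): '
        stty -echo; read -r pass; stty echo; printf '\n'
        if [ -z "$pass" ]; then
            echo 'ssh-keygen: empty passphrases are not permitted' >&2
            continue
        fi
        check_passphrase "$pass" && break
    done
    # Caveat: -N places the passphrase on the command line, visible in ps
    # for the lifetime of the key generation; fine on a single-user
    # workstation, not on a shared host.
    exec "$REAL_SSH_KEYGEN" -N "$pass" "$@"
}

# Only act as the wrapper when invoked under the ssh-keygen name.
case "$0" in
    */ssh-keygen|ssh-keygen) main "$@" ;;
esac
```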


