Re: Q: RSA Authentication vs. Password Authentication in SSH
>>>>> "Viktor" == Viktor Rosenfeld <rosenfel@informatik.hu-berlin.de> writes:
Viktor> What's the advantage of RSA Authentication vs. Password
Viktor> Authentication except that under the first one the sshd
Viktor> server does not trust the client unless he has authorized
Viktor> himself with a key listed in authorized keys. This is
Viktor> desirable if the client resides on the internet and
Viktor> can't be trusted, but on my local network that's not an
Viktor> issue.
Under RSA authentication, the server never sees your password. This
means that even if the remote server is compromised, your password
won't be (would be significant if you use the same password on multiple
computers).
Also, with ssh-agent, you only need to enter your passphrase once,
when first logging in to your local computer. This reduces the risk
that somebody looking over your shoulder will notice your password as
you type it in for the X millionth time (if your usage is anything
like mine...)
Viktor> However, if I disable the fallback to Password
Viktor> Authentication I can only log in from clients that I have
Viktor> previously generated a key for and added to my
Viktor> authorized_keys database -- not practical, if I want to be
Viktor> able to log into my system from anywhere in the world. So
Viktor> disabling fallback is not an option, rendering the RSA
Viktor> Authentication useless.
I don't think there is any need to disable password authentication.
Just be aware that both the client and the server could see your
password, and could potentially steal it.
Viktor> The key from an untrusted client needs of course to be
Viktor> protected with a passphrase, otherwise it may be easily
Viktor> compromised by the client's root and allow connections to
Viktor> my system without providing a password -- big security
Viktor> hole.
Of course. Using ssh-agent means you don't have to enter your passphrase
every time though.
Viktor> But what about keys from clients from my trusted local
Viktor> network. In order to get them one has to get access to
Viktor> the local machine first, and then they are useless,
Viktor> because the intruder has already access to my machine.
Viktor> Unless of course, a user key has no passphrase and is
Viktor> listed in root's authorized_keys file. Then an intruder
Viktor> of my user account has instant root access on my machine
Viktor> -- but how likely is this? Having no passphrase on user
Viktor> keys of the local network makes managing it very
Viktor> convenient.
I am afraid you have lost me here. Are you asking how you can securely
transfer the public keys of your clients (not an easy task), or have I
misunderstood you?
--
Brian May <bam@debian.org>
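A local check for the passphrase point raised above (is a private key file actually stored encrypted, or in the clear?), as an added example that is not part of this thread. It reads the cipher name from the standard "openssh-key-v1" header and the Proc-Type header of legacy PEM keys; the key texts below are constructed samples, not real keys.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # leading bytes of every openssh-key-v1 file


def _read_string(buf, offset):
    # SSH wire format: a uint32 big-endian length followed by that many bytes.
    (length,) = struct.unpack(">I", buf[offset:offset + 4])
    start = offset + 4
    return buf[start:start + length], start + length


def key_is_passphrase_protected(key_text):
    """True if the private key is encrypted with a passphrase, False if stored in the clear."""
    lines = [ln.strip() for ln in key_text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-framed private key")
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        body = base64.b64decode("".join(lines[1:-1]))
        if not body.startswith(MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        # First field after the magic is the cipher name; "none" means no passphrase.
        cipher, _ = _read_string(body, len(MAGIC))
        return cipher != b"none"
    # Legacy "BEGIN RSA PRIVATE KEY" files carry a Proc-Type header when encrypted.
    return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines)


def unprotected_keys(key_files):
    """Given {name: key_text}, return the names of keys with no passphrase."""
    return sorted(name for name, text in key_files.items()
                  if not key_is_passphrase_protected(text))


def constructed_openssh_key(cipher):
    # Constructed sample: only the header field this check reads is filled in.
    body = MAGIC + struct.pack(">I", len(cipher)) + cipher
    b64 = base64.b64encode(body).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"


# Constructed legacy-format sample (the base64 body is a placeholder, not a key).
LEGACY_ENCRYPTED = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,00000000000000000000000000000000

AAAA
-----END RSA PRIVATE KEY-----"""

SAMPLE_KEYS = {
    "id_rsa_lan": constructed_openssh_key(b"none"),
    "id_rsa_laptop": constructed_openssh_key(b"aes256-ctr"),
    "id_rsa_old": LEGACY_ENCRYPTED,
}
```

Running `unprotected_keys(SAMPLE_KEYS)` reports only `id_rsa_lan`, the key that would grant access with no passphrase if the file were copied.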