[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Q: RSA Authentication vs. Password Authentication in SSH

>>>>> "Viktor" == Viktor Rosenfeld <rosenfel@informatik.hu-berlin.de> writes:

    Viktor> What's the advantage of RSA Authentication vs. Password
    Viktor> Authentication except that under the first one the sshd
    Viktor> server does not trust the client unless he has authorized
    Viktor> himself with a key listed in authorized keys.  This is
    Viktor> desireable if the the client resides on the internet and
    Viktor> can't be trusted, but on my local network that's not an
    Viktor> issue.

Under RSA authentication, the server never sees your password. This
means that even if the remote server is compromised, your password
wont be (would be significant if you use the same password on multiple
computers).

Also, with ssh-agent, you only need to enter your passphrase once,
when first logging in to your local computer. This reduces the risk
that somebody looking over your shoulder will notice your password as
you type it in for the X millionth time (if your usage is anything
like mine...)

    Viktor> However, if I disable the fallback to Password
    Viktor> Authentication I can only log in from clients, that I have
    Viktor> previously generated a key for and added to my
    Viktor> authorized_keys database -- not practical, if I want to be
    Viktor> able to log into my system from anywhere in the world.  So
    Viktor> disabling fallback is not an option, rendering the RSA
    Viktor> Authentication useless.

I don't think there is any need to disable password authentication.
Just be aware that both the client and the server could see your
password, and could potentially steal it.

    Viktor> The key from an untrusted client needs of course to be
    Viktor> protected with a passphrase, otherwise it may be easily
    Viktor> compromised by the client's root and allow connections to
    Viktor> my system without providing a password -- big security
    Viktor> hole.

Of course. Use ssh-agent means you don't have to enter your passphrase
every-time though.

    Viktor> But what about keys from clients from my trusted local
    Viktor> network.  In order to get them one has to get access to
    Viktor> the local machine first, and then they are useless,
    Viktor> because the intruder has already access to my machine.
    Viktor> Unless of course, a user key has no passphrase and is
    Viktor> listed in root's authorized_keys file.  Then an intruder
    Viktor> of my user account has instant root access on my machine
    Viktor> -- but how likely is this?  Having no passphrase on user
    Viktor> keys of the local network makes managing it very
    Viktor> convenient.

I am afraid you have lost me here. Are you asking how you can securely
transfer the public keys of your clients (not an easy task), or have I
misunderstood you?
-- 
Brian May <bam@debian.org>
Reply to: