
Re: root via ssh / why su - ?



on Tue, Jun 05, 2001 at 08:37:16PM +0200, Hendrik Sattler (sattler2000@gmx.de) wrote:
> Karsten M. Self wrote:
> >> If you administrate XYZ different computer systems, and each computer
> >> has a different root password, it can become very difficult to
> >> remember all these passwords (especially if you don't regularly use
> >> that particular system).
> > 
> > This is why God invented ssh RSA key authentication.  One passphrase
> > (mine runs better than 25 characters) hits all systems.  For one bastion
> > system I accessed, I didn't *know* my user password, having first
> > changed it to some arbitrary 12 character string.  pwgen is fun.  I've
> > also checked to see that it generates a wide range of generally distinct
> > passwords, and it appears it does (posted recently to bugtraq).
> 
> Then you have some kind of security weakness. One account makes all other 
> machines accessible. That is same as using the same password everywhere. 
> The only difference: you changed the hacker entry from all machines to only 
> your machine but I guess a sshd runs there, too.
> 
> All secure ways are only less insecure...

Please reply to list mail on list unless clearly indicating other
intent.  Response to list, Reply-to set to list.

Security involves balancing risks.  How is authenticated,
from-a-single-point, revokable access, worse than the practices
typically engendered by multiple passwords (often stored insecurely),
single passwords shared over multiple systems, and/or shared root accounts?

Compromise of a system on which an RSA key is used to access other
systems is somewhat analogous to compromise of a system on which
multiple passwords are kept, or compromise of a single shared password.
However, the damage is mitigated in that the single system must then be
used to launch attacks -- the window afforded is still rather small, and
can be isolated at either end (by securing the compromised system or by
rejecting access from it for the other remote systems).  In a multiuser
environment, if a user is suspect (or his/her access needs to be
restricted), removing an allowed-hosts entry is sufficient.

I don't know that it's possible to disable password authentication, or
to require passphrase authentication (unsecured RSA keys *are* a
security threat).

-- 
Karsten M. Self <kmself@ix.netcom.com>    http://kmself.home.netcom.com/
 What part of "Gestalt" don't you understand?       There is no K5 cabal
  http://gestalt-system.sourceforge.net/         http://www.kuro5hin.org
   Disclaimer:          http://www.goldmark.org/jeff/stupid-disclaimers/
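
Isolating a compromised key "at the other end", as the message above describes, sketched as an added example that is not part of the original post. It assumes the entry being removed is the key's line in the remote account's OpenSSH authorized_keys file; `revoke_key`, `demo` and all sample keys are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): revoke one key on a remote system.
# revoke_key AUTH_FILE PUB_FILE   prints the number of entries removed.
revoke_key() {
    auth_file=$1
    pub_file=$2
    # A .pub file is "type blob [comment]"; the blob identifies the key.
    blob=$(awk 'NF >= 2 { print $2; exit }' "$pub_file")
    [ -n "$blob" ] || { echo "no key blob in $pub_file" >&2; return 2; }

    tmp=$(mktemp "${auth_file}.XXXXXX") || return 2
    # Drop every line carrying that blob as a field. Matching the blob, not the
    # comment, also catches entries that were re-labelled or given options.
    awk -v blob="$blob" '
        { hit = 0; for (i = 1; i <= NF; i++) if ($i == blob) hit = 1 }
        !hit { print }
    ' "$auth_file" > "$tmp" || { rm -f "$tmp"; return 2; }

    before=$(awk 'END { print NR }' "$auth_file")
    after=$(awk 'END { print NR }' "$tmp")
    removed=$((before - after))
    if [ "$removed" -gt 0 ]; then
        cp -p "$auth_file" "${auth_file}.bak"   # pre-revocation copy for review
        chmod 600 "$tmp"
        mv "$tmp" "$auth_file"
    else
        rm -f "$tmp"
    fi
    echo "$removed"
}

# Constructed sample data: placeholder blobs, not real keys.
demo() {
    dir=$(mktemp -d) || return 2
    cat > "$dir/authorized_keys" <<'EOF'
ssh-rsa AAAAB3CONSTRUCTEDalice alice@workstation
from="10.0.0.5" ssh-rsa AAAAB3CONSTRUCTEDbob bob@laptop
ssh-rsa AAAAB3CONSTRUCTEDbob renamed-entry
EOF
    echo "ssh-rsa AAAAB3CONSTRUCTEDbob bob@laptop" > "$dir/bob.pub"
    revoke_key "$dir/authorized_keys" "$dir/bob.pub"
    cat "$dir/authorized_keys"
    rm -rf "$dir"
}
demo
```

The count printed is worth logging: more than one removed entry means the same key had been installed under several labels or option sets.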
