Re: OT: Safe to access SSH server from work?
On Thursday 5 May, 2011 17:15:11 Perry Thompson wrote:
> On 05/05/2011 06:46 PM, CACook@quantum-sci.com wrote:
> > On Thursday 5 May, 2011 15:09:02 Brian wrote:
> >> Use a strong password or ssh keys for access to the server. The question
> >> is whether you trust the machine you use at work.
> > OK, say you -don't- trust your machine at work. Workarounds?
> I suppose you could keep your public key with you on a USB drive and
> only put it on the computer when you need it, however I'm not sure how
> secure that would be :/
I've just found that it is recommended to always set a passphrase when generating a key. This makes it useless to someone else who tries to use it. The passphrase is evaluated on the client, rather than the server. Brute-force attempts can never succeed.
I've also found that indeed to shut off passwords on the server it is sshd_config|PasswordAuthentication no. But you must remember that this shuts you out when on a machine that's not in the server's authorized_keys.
And it's good practice to generate a key on each client and put that in the server's authorized_keys, rather than using all the same key. So if one machine is compromised, the rest won't be.