On Fri, May 06, 2011 at 11:54:28AM +0300, George wrote: > On 5/6/11, Jochen Schulz <ml@well-adjusted.de> wrote: > > > You can authenticate to an OpenSSH server using a password, or using a > > keyfile. On the client side, simply run 'ssh-keygen' to create a > > keypair. > > So the attacker needs to guess my private key instead of my password. > How does that make his life more difficult, assuming my password was > very strong? No, the attacker needs to HAVE your private key and KNOW the pass phrase for that key. Assuming you keep your key secure and have a decent pass phrase his life should be very difficult indeed. Cheers, Tom
Attachment:
signature.asc
Description: Digital signature