Re: OT: Safe to access SSH server from work?
On Fri, May 6, 2011 at 12:23, George <firstname.lastname@example.org> wrote:
>> No, the attacker needs to HAVE your private key and KNOW the pass phrase
>> for that key. Assuming you keep your key secure and have a decent pass
>> phrase his life should be very difficult indeed.
> He still needs to guess a string, just like he does when password
> authentication is used. What am I missing? Probably a lot, but I'm not
> very experienced in security matters.
That is why the key is something you KNOW, not something you HAVE. If
one can capture your password locally, then one can capture your key
However, keys are good to prevent brute-force attacks. Think of it
like a 256-character password using the entire ASCII field. Also, keys
are not susceptible to keyloggers.