On Thu, Jun 09, 2005 at 06:25:48PM -0400, Robert Brockway wrote:
> On Thu, 9 Jun 2005, Marty wrote:
>
> PKI makes things much more difficult. An attacker would need both your
> private key and your passphrase to gain entry. Brute forcing an ssh
> daemon that only accepts PKI access is an intractable problem.
>
> > keys secure (i.e. thumb drive? Floppy? Theft issues?)
>
> All of the hosts I have private keys for are under my control or my
> companies' control. We have some clients that move around a lot and they
> do need to keep their private keys on a usb drive.
>
> As with everything in security some risk is always involved. A host's
> administrator may be sniffing keystrokes to get your passphrase and they
> may be automatically nabbing any private keys they see - but in reality
> this is not likely. If you think a machine is not safe don't ssh from it.
>
Sadly, most people (myself included) have no passphrase on their SSH keys.
I also end up bouncing around a variety of machines (some Fedora, some
Windows with PuTTY and some Windows with SSH.com). So the key thing is a
pain in the butt. At least on the Linux machines it is straightforward and
I set those up when I can to use keys instead of passwords.

-Roberto

--
Roberto C. Sanchez
http://familiasanchez.net/~sanchezr
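Added example, not part of the original thread or written by its participants: a check for the passphrase-less private keys mentioned above, covering legacy PEM, PKCS#8 and the newer openssh-key-v1 container. The function names and the sample key texts are constructed for illustration; the samples carry header fields only, no key material.

```python
import base64
import pathlib
import struct

MAGIC = b"openssh-key-v1\x00"  # magic at the start of the new OpenSSH key format

def key_is_encrypted(text):
    """True/False for a private key file's text; None if it is not a recognised key."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines or not (lines[0].startswith("-----BEGIN ") and "PRIVATE KEY" in lines[0]):
        return None
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8, encrypted
        return True
    if lines[0] != "-----BEGIN OPENSSH PRIVATE KEY-----":
        # Legacy PEM (RSA/DSA/EC) declares encryption in a Proc-Type header line.
        return any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines[1:4])
    try:
        blob = base64.b64decode("".join(l for l in lines[1:] if not l.startswith("-----")))
    except ValueError:
        return None
    # After the magic comes a length-prefixed cipher name; "none" means cleartext.
    start = len(MAGIC) + 4
    if not blob.startswith(MAGIC) or len(blob) < start:
        return None
    (n,) = struct.unpack(">I", blob[len(MAGIC):start])
    cipher = blob[start:start + n]
    return None if len(cipher) != n else cipher != b"none"

def audit(directory):
    """Map each recognised private key file in a directory to its encrypted flag."""
    found = {}
    for path in sorted(pathlib.Path(directory).expanduser().glob("*")):
        if path.is_file():
            try:
                state = key_is_encrypted(path.read_text(errors="replace"))
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
            if state is not None:
                found[path.name] = state
    return found

def sample_openssh(cipher):
    """Constructed header-only sample (no key material) in openssh-key-v1 layout."""
    s = lambda b: struct.pack(">I", len(b)) + b
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    b64 = base64.b64encode(MAGIC + s(cipher) + s(kdf) + s(b"")).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed legacy PEM sample: only the header lines matter to the check.
SAMPLE_LEGACY = "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,00\n\nAAAA\n-----END RSA PRIVATE KEY-----\n"

if __name__ == "__main__":
    print(key_is_encrypted(sample_openssh(b"none")), key_is_encrypted(SAMPLE_LEGACY))
```

Calling `audit("~/.ssh")` returns a dict of file name to encrypted flag; entries that are `False` are keys usable by anyone who can read the file.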