On Thursday 5 May, 2011 17:15:11 Perry Thompson wrote:
> On 05/05/2011 06:46 PM, cac...@quantum-sci.com wrote:
> > On Thursday 5 May, 2011 15:09:02 Brian wrote:
> >> Use a strong password or ssh keys for access to the server. The question
> >> is whether you trust the machine you use at work.
> >
> > OK, say you -don't- trust your machine at work. Workarounds?
> >
>
> I suppose you could keep your public key with you on a USB drive and
> only put it on the computer when you need it, however I'm not sure how
> secure that would be :/

I've just found that it is recommended to always set a passphrase when generating a key. This makes it useless to someone else who tries to use it. The passphrase is evaluated on the client, rather than the server. Brute-force attempts can never succeed.

I've also found that indeed to shut off passwords on the server it is sshd_config|PasswordAuthentication no. But you must remember that this shuts you out when on a machine that's not in the server's authorized_keys.

And it's good practice to generate a key on each client and put that in the server's authorized_keys, rather than using all the same key. So if one machine is compromised, the rest won't be.
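
Added example, not part of the original message: shell helpers for the checks the message implies before turning passwords off, namely confirming which PasswordAuthentication value sshd will actually use, listing which clients are in authorized_keys, and removing a single compromised client's key. The function names, file contents and key strings are constructed for illustration.

```shell
#!/bin/sh
# Added example; every file below is a constructed sample (no real keys).

# Effective global value of an sshd_config keyword: sshd keeps the first
# value it reads, keywords are case-insensitive. Assumption: stops at the
# first Match block and does not follow Include.
sshd_effective() {  # KEYWORD DEFAULT FILE
    awk -v kw="$1" -v def="$2" '
        /^[ \t]*#/ { next }
        { sub(/[ \t]*=[ \t]*/, " ") }           # allow "Keyword=value"
        tolower($1) == "match" { exit }
        tolower($1) == tolower(kw) { val = tolower($2); exit }
        END { print (val != "" ? val : def) }
    ' "$3"
}

# Print "keytype comment" for each key line in an authorized_keys file.
# The key type is found by name so leading options are skipped.
list_clients() {  # FILE
    awk '
        /^[ \t]*(#|$)/ { next }
        { for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp[0-9]+)$/) {
                print $i, (i + 2 <= NF ? $(i + 2) : "(no comment)"); next } }
    ' "$1"
}

# Print FILE without the key whose comment (last field) is exactly LABEL:
# revoking one compromised client leaves the others untouched.
revoke_client() {  # FILE LABEL
    awk -v label="$2" '/^[ \t]*(#|$)/ || $NF != label' "$1"
}

demo=$(mktemp -d)
cat > "$demo/sshd_config" <<'EOF'
# constructed sample
passwordauthentication no
PasswordAuthentication yes
EOF
cat > "$demo/authorized_keys" <<'EOF'
ssh-ed25519 AAAAC3constructedLaptop user@laptop
no-pty ssh-rsa AAAAB3constructedWork user@work-pc
EOF

echo "PasswordAuthentication: $(sshd_effective PasswordAuthentication yes "$demo/sshd_config")"
echo "clients:"; list_clients "$demo/authorized_keys"
echo "after revoking user@work-pc:"; revoke_client "$demo/authorized_keys" user@work-pc
```

The same function can check ChallengeResponseAuthentication (KbdInteractiveAuthentication in newer OpenSSH releases), which can still allow password prompts through PAM when it is enabled.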