> wrong ! With the public key and the root password known,
> and files appropriately configured, the "attacker" won't
> be prompted for a password.
>
> If the root password is known in any scenario then "is all over" !
Can you clarify what you mean here? If you force key authentication and disable password authentication, the attacker won't be able to log in unless they have your private key and your passphrase. The password is only useful if (1) the attacker can log in as another user and 'su' to root (something that you can configure away with the proper PAM settings) or (2) the attacker has local console access (in which case they really don't need the password anyway) or (3) they can break the strong crypto employed by SSH.

There are always possibilities of another vulnerability on your system or a vulnerability in the SSH daemon, but these aren't faults of the protocol itself.

There are several excellent examples where people configured their servers to accept only key authentication, then challenged people to break into their server -- after publishing the root password on Internet forums. One of the biggest I remember was the LinuxPPC security challenge from several years back. No one won.

Key authentication is mathematically and practically more secure than password authentication. Requiring key authentication makes the password irrelevant.

> > I would guess that copying your private key to B would be a bad idea
>
> correct - copy only public keys

Never copy keys, public or private. Forward them using an agent.

thornton

-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
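The argument above rests on sshd actually being configured for key-only login, which is easy to get subtly wrong (for example, `PasswordAuthentication no` while keyboard-interactive via PAM still prompts for a password). The following is an added example, not code from the list post or from OpenSSH: a small POSIX shell audit that reads an sshd_config file, resolves each keyword the way sshd does (first occurrence wins), and reports whether the global settings enforce key-only authentication. It assumes whitespace-separated `Keyword value` lines, ignores everything from the first `Match` block onward (conditional overrides are not evaluated), and the two configuration files are constructed samples written to temporary files.

```shell
#!/bin/sh
# Added example: audit an sshd_config for key-only authentication.
# Assumptions: "Keyword value" lines separated by whitespace; Match blocks
# are not evaluated (the scan stops at the first "Match" line).

# Print the effective value of KEY in FILE, or DEFAULT if it is not set.
# sshd uses the first occurrence of a keyword, so we print the first hit.
sshd_effective() {
    key=$(printf '%s' "$1" | tr 'A-Z' 'a-z'); file=$2; default=$3
    val=$(awk -v want="$key" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # skip comments/blank lines
        tolower($1) == "match"               { exit }   # conditional section: stop
        tolower($1) == want                  { print $2; exit }
    ' "$file")
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf '%s\n' "$default"; fi
}

lc() { tr 'A-Z' 'a-z'; }

# Return 0 if the global settings enforce key-only login, 1 otherwise,
# printing one FAIL line per problem. Defaults are OpenSSH's own.
check_sshd_hardening() {
    file=$1; rc=0
    [ "$(sshd_effective PubkeyAuthentication "$file" yes | lc)" = yes ] ||
        { echo "FAIL: PubkeyAuthentication is not yes"; rc=1; }
    [ "$(sshd_effective PasswordAuthentication "$file" yes | lc)" = no ] ||
        { echo "FAIL: PasswordAuthentication is not no"; rc=1; }
    # Keyboard-interactive (older name: ChallengeResponseAuthentication)
    # can still relay a password prompt through PAM unless disabled.
    cr=$(sshd_effective ChallengeResponseAuthentication "$file" "" | lc)
    kbd=$(sshd_effective KbdInteractiveAuthentication "$file" "" | lc)
    [ "$cr" = no ] || [ "$kbd" = no ] ||
        { echo "FAIL: keyboard-interactive authentication not disabled"; rc=1; }
    # PermitRootLogin yes lets root authenticate with a password.
    [ "$(sshd_effective PermitRootLogin "$file" prohibit-password | lc)" != yes ] ||
        { echo "FAIL: PermitRootLogin yes"; rc=1; }
    return $rc
}

# Constructed sample configurations (not real host files).
WEAK=$(mktemp); HARD=$(mktemp)
trap 'rm -f "$WEAK" "$HARD"' EXIT
cat >"$WEAK" <<'EOF'
# constructed sample: accepts passwords, root included
Port 22
PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication yes
UsePAM yes
EOF
cat >"$HARD" <<'EOF'
# constructed sample: key-only configuration
Port 22
PermitRootLogin prohibit-password
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
KbdInteractiveAuthentication no
UsePAM yes
Match User backup
    PasswordAuthentication yes
EOF

for f in "$WEAK" "$HARD"; do
    if check_sshd_hardening "$f"; then
        echo "$f: key-only authentication enforced"
    else
        echo "$f: NOT key-only"
    fi
done
```

Run it as `sh audit.sh`; to audit a live host, point `check_sshd_hardening` at `/etc/ssh/sshd_config` or, better, at the output of `sshd -T`, which prints the fully resolved configuration. The `Match User backup` block in the hardened sample is deliberately left unevaluated to show the limit of a text-only check: a per-user override can re-enable passwords, so `sshd -T -C user=backup` is the authoritative answer for a given login. The agent forwarding thornton recommends instead of copying keys is `ssh -A` (or `ForwardAgent yes` for specific hosts); note that it exposes the agent socket to root on the intermediate host, so `ProxyJump` is the safer choice when you only need to pass through it.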