[CentOS] ultrasecure sshd server
Ljubomir Ljubojevic
office at plnet.rs
Fri Jun 10 19:04:44 UTC 2011
Les Mikesell wrote:
> That's just normal behavior when both are enabled. If the key works,
> you don't get the password prompt. But even in the 'ultrasecure'
> scenario of requiring both, do you really want people typing their
> passwords on equipment that might have a keylogger running?
>
One scenario is business customers I maintain. They are almost all on my
network, and I have servers I maintain/admin 400 km away that are not
mine. When I am logged in there, or on-site, I often need to pull some data
from my main server. Sometimes FTP is enough, but sometimes I need to
use SFTP or SCP to access sensitive scripts, or to log in (when I am
on-site on a far-away network).
How do you propose that I use key-only auth? To copy my sensitive key
onto their system? Or is it better in that case to just use password
auth? I avoid using my passwords on infected systems, or without proper
protection, but on safe systems it is better to use passwords than keys.
And of course, I have a brother with root access who does not own a
laptop. And if I even tried to force him to use keys for every
connection, I would have a blue eye in a matter of days ;-)
Ljubomir