[CentOS] what percent of time are there unpatched exploits against default config?

Thu Dec 29 14:05:10 UTC 2011
Peter Eckel <lists at eckel-edv.de>

Hi Marko, 

> Using the ssh key can be problematic because it is too long and too random to 
> be memorized --- you have to carry it on a usb stick (or whereever). This 
> provides an additional point of failure should your stick get lost or stolen.

this is only correct when you use SSH keys without a sufficiently secure passphrase. Which you obviously should never do. If you have a passphrase with your key, finding or stealing the USB stick is completely useless, and even if someone gets at your key, your no worse off than with password authentication. 

> Human brain is still by far the most secure information-storage device. :-)

I strongly disgree. Social engineering is a very efficient way to get at other people's data.

> It is very inconvenient for people who need to login to their servers from 
> random remote locations (ie. people who travel a lot or work in hardware-
> controlled environment).

Agreed.

> Besides, it is essentially a question of overkill. If password is not good 
> enough, you could argue that the key is also not good enough --- two keys (or 
> a larger one) would be more secure. Where do you draw the line?

One key is indefinitely better than a password. The additional security you gain when you add another key is, however, disputable. 

Best regards, 

  Peter.