On Jun 10, 2011, at 12:04 PM, Ljubomir Ljubojevic wrote:

> Les Mikesell wrote:
>
>> That's just normal behavior when both are enabled. If the key works,
>> you don't get the password prompt. But even in the 'ultrasecure'
>> scenario of requiring both, do you really want people typing their
>> passwords on equipment that might have a keylogger running?
>>
>
> One scenario is business customers I maintain. They are almost all on my
> network, and I have servers I maintain/admin 400 km away that are not
> mine. When I am logged there, or on-site, I often need to pull some data
> from my main server. Sometimes FTP is enough, but sometimes I need to
> use SFTP or SCP to access sensitive scripts, or to login (when I am
> on-site on far away network).
>
> How do you propose that I use key only auth? to copy my sensitive key
> onto their system? Or is it better to in that case just use password
> auth? I avoid using my passwords on infected systems, or without proper
> protection, but on safe systems it is better to use passwords than keys.
>
> And of course, I have a brother with root access that does not own a
> laptop. And if I even tried to force him to use keys for every
> connection, I would have blue eye in matter of days ;-)

----
put your private key(s) on a USB flash drive and use the '-i' option w/ ssh

Heavily recommend that you use passwords to protect your keys though

Craig
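
The advice in the reply above (key on a USB flash drive, `ssh -i`, passphrase on the key), as an added shell example that is not part of the original thread. The function names, the mount path and the host are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: preflight checks before using a private key kept on a USB stick.
# The mount path, user and host in the usage line are placeholders.

# 0 if the key file has no group/other permission bits. ssh refuses wider
# modes; FAT-formatted sticks are commonly mounted with such modes, and
# chmod cannot change them there (mount options such as fmask control them).
key_mode_ok() {
    mode=$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)
    [ "$mode" = "------" ]
}

# 0 if the key is passphrase-protected. ssh-keygen -y can derive the public
# key with an empty passphrase (-P "") only when the key is unencrypted.
# Call key_mode_ok first: ssh-keygen also fails on over-permissive files.
key_has_passphrase() {
    command -v ssh-keygen >/dev/null 2>&1 || return 1
    [ -f "$1" ] || return 1
    ! ssh-keygen -y -P "" -f "$1" >/dev/null 2>&1
}

# Run ssh with the removable key only when both checks pass.
ssh_with_usb_key() {
    key=$1
    shift
    key_mode_ok "$key" || { echo "refusing $key: group/other can access it" >&2; return 2; }
    key_has_passphrase "$key" || { echo "refusing $key: no passphrase set" >&2; return 3; }
    # IdentitiesOnly=yes offers only this key, not agent or ~/.ssh keys.
    ssh -i "$key" -o IdentitiesOnly=yes "$@"
}

# Usage: ssh_with_usb_key /media/usb/id_ed25519 user@host.example
```
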