[CentOS] ultrasecure sshd server
Craig White
craig.white at ttiltd.com
Fri Jun 10 19:09:43 UTC 2011
On Jun 10, 2011, at 12:04 PM, Ljubomir Ljubojevic wrote:
> Les Mikesell wrote:
>
>> That's just normal behavior when both are enabled. If the key works,
>> you don't get the password prompt. But even in the 'ultrasecure'
>> scenario of requiring both, do you really want people typing their
>> passwords on equipment that might have a keylogger running?
>>
>
> One scenario is business customers I maintain. They are almost all on my
> network, and I have servers I maintain/admin 400 km away that are not
> mine. When I am logged there, or on-site, I often need to pull some data
> from my main server. Sometimes FTP is enough, but sometimes I need to
> use SFTP or SCP to access sensitive scripts, or to login (when I am
> on-site on far away network).
>
> How do you propose that I use key only auth? to copy my sensitive key
> onto their system? Or is it better to in that case just use password
> auth? I avoid using my passwords on infected systems, or without proper
> protection, but on safe systems it is better to use passwords then keys.
>
> And of course, I have a brother with root access that does not own a
> laptop. And if I even tried to force him to use keys for every
> connection, I would have blue eye in matter of days ;-)
----
put your private key(s) on a USB flash drive and use the '-i' option w/ ssh
Heavily recommend that you use passwords to protect your keys though
Craig
More information about the CentOS
mailing list