[CentOS] ultrasecure sshd server

Craig White craig.white at ttiltd.com
Fri Jun 10 19:09:43 UTC 2011


On Jun 10, 2011, at 12:04 PM, Ljubomir Ljubojevic wrote:

> Les Mikesell wrote:
> 
>> That's just normal behavior when both are enabled.  If the key works, 
>> you don't get the password prompt.  But even in the 'ultrasecure' 
>> scenario of requiring both, do you really want people typing their 
>> passwords on equipment that might have a keylogger running?
>> 
> 
> One scenario is business customers I maintain. They are almost all on my 
> network, and I have servers I maintain/admin 400 km away that are not 
> mine. When I am logged there, or on-site, I often need to pull some data 
> from my main server. Sometimes FTP is enough, but sometimes I need to 
> use SFTP or SCP to access sensitive scripts, or to login (when I am 
> on-site on far away network).
> 
> How do you propose that I use key only auth? to copy my sensitive key 
> onto their system? Or is it better to in that case just use password 
> auth? I avoid using my passwords on infected systems, or without proper 
> protection, but on safe systems it is better to use passwords then keys.
> 
> And of course, I have a brother with root access that does not own a 
> laptop. And if I even tried to force him to use keys for every 
> connection, I would have blue eye in matter of days ;-)
----
put your private key(s) on a USB flash drive and use the '-i' option w/ ssh

Heavily recommend that you use passwords to protect your keys though

Craig




More information about the CentOS mailing list