[ILUG] sshd
Ian O'Connell
ianoc=ilug at maths.tcd.ie
Fri Nov 24 14:17:03 GMT 2006
On 23/11/06, Conor Daly <conor.daly_ilug at cod.homelinux.org> wrote:
> On Thu, Nov 23, 2006 at 05:12:02PM +0000 or so it is rumoured hereabouts,
> paul at clubi.ie thought:
> > On Thu, 23 Nov 2006, Ewan Oughton wrote:
> >
> > >SSH keys on their own are not the magic bullet, but surely passworded-keys
> > >are more secure than a password on it's own? Something you have, something
> > >you know?
> >
> > Sure. But who has the key?
> >
> > Also, you're looking at it from POV of a clueful user, not of an
> > admin with lusers who wants to protect a specific box. How does the
> > admin (try) apply password-strength policies to ssh-key passwords?
> > How can the admin even enforce that users protect keys with a
> > password?
>
> #> grep -i authorizedkeysfile /etc/ssh/sshd_config
> AuthorizedKeysFile /etc/ssh/authorized_keys
>
> #> ssh-keygen -t.....
> <enter strong password>
>
> Say to user: "here's your key and password".
>
And then the user uses the password to extract the key and then never
uses the password again?
--
Ian.
More information about the ILUG
mailing list