[kwlug-disc] Curious about SSH Key security
Rashkae
rashkae at tigershaunt.com
Fri Jul 23 23:49:26 EDT 2010
Raul Suarez wrote:
> After following the threads on SSH security and how using keys is more secure and simple in the long run, I got curious about something.
>
> Please illuminate me:
>
> Security traditionally should depend on something you are (identity), something you have (key, card, etc.) and something you know (password).
>
> If you use keys without a password you are depending on something you have.
>
> Knowing also that you are just as secure as the weakest link.
>
> Would using keys only dilute security as now you need to depend on securing the keys on every computer?
>
> If someone breaks into one of the computers that has the key, wouldn't you be exposing the server?
>
> Raul Suarez
>
Yup...
Keys can be passphrase-protected, however. Passwordless keys are for the
lazy and for those who need to use ssh keys in non-interactive scripts.
But you must be aware when doing so that the key files *must* be
treated as the weak link if ever the computer that hosts the private key
is compromised in any way.