- To: slug@xxxxxxxxxxx
- Subject: Re: [SLUG] Perl/SSH Problem
- From: "Amos Shapira" <amos.shapira@xxxxxxxxx>
- Date: Sun, 5 Nov 2006 10:12:44 +1100
On 04/11/06, Adam Kennedy <adam@xxxxxxxxxxx> wrote:
> I always thought the problem with keys and passwordless login was that
> you end up with cascading exploits.
> If I login from box A --> box B with keys, and someone hacks box A, then
> they automatically have access to box B, and C, and D and anything else
> I use keys on
1. That's what strong pass-phrases are used for - to limit the access to the
private key.
2. You could say "sure - so you replace the password by a pass-phrase" but
you'd still need the private key, which is never transferred over the net.
3. You can allow access for multiple keys into the same account - therefore
you can trace which key was used to login and track it back to the origin
and/or remove it if it was compromised (or do stuff like limit the commands
a key authorizes, or pair keys with originating ssh clients). On the other
hand you can't have multiple, traceable passwords to a UNIX account.
> With passwords, at least that isn't a problem (assuming you aren't a
> complete idiot and have the same password for everything).
With passwords it's enough to know (or guess) a relatively short string in
order to gain access. With keys protected by a pass-phrase you'll need a
string AND the unencrypted content of a file which should never leave the
local disk.
--P
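Point 3 above (trace which key was used, and restrict what a key may do with the from= and command= options in authorized_keys) worked through as an added example that is not from the original thread: it parses an authorized_keys file, computes the SHA256 fingerprints that sshd writes to its log, and attributes each accepted public-key login to the key on file, returning None for a key that is not on file at all. The key blobs and log lines are constructed samples, not real keys or real logs.

```python
import base64
import hashlib
import re

def wire_string(b):
    return len(b).to_bytes(4, "big") + b

def constructed_ed25519_blob(seed):
    # Constructed sample, not a real key: ssh-ed25519 wire format around a fake 32-byte point.
    return base64.b64encode(wire_string(b"ssh-ed25519") + wire_string(hashlib.sha256(seed).digest())).decode()

def fingerprint(blob_b64):
    """SHA256 fingerprint as sshd logs it: base64(sha256(raw key blob)) with padding stripped."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

# An authorized_keys line is: [options] key-type base64-blob [comment]; real blobs start with "AAAA".
KEY_LINE = re.compile(r"^(?P<opts>.*?)\s*(?P<type>ssh-(?:rsa|ed25519|dss)|ecdsa-sha2-\S+|sk-\S+)"
                      r"\s+(?P<blob>AAAA\S+)\s*(?P<comment>.*)$")
OPTION = re.compile(r'([\w-]+)(?:="((?:[^"\\]|\\.)*)")?')   # from="...", command="...", no-pty, ...
ACCEPTED = re.compile(r"Accepted publickey for (?P<user>\S+) from (?P<ip>\S+) port \d+ ssh2: \S+ (?P<fp>SHA256:\S+)")

def parse_authorized_keys(text):
    """Return {fingerprint: (comment, {option: value})} for every key line in the file."""
    keys = {}
    for line in text.splitlines():
        line = line.strip()
        m = KEY_LINE.match(line)
        if not m or line.startswith("#"):
            continue
        keys[fingerprint(m["blob"])] = (m["comment"], dict(OPTION.findall(m["opts"])))
    return keys

def attribute_logins(log_text, keys):
    """For each accepted public-key login, name the key by its comment (None if it is not on file)."""
    hits = []
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if m:
            comment, opts = keys.get(m["fp"], (None, {}))
            hits.append({"user": m["user"], "ip": m["ip"], "key": comment, "options": opts})
    return hits

# Constructed sample data: two keys on file, one pinned to a source host and a single command.
KEY_A, KEY_B = constructed_ed25519_blob(b"host-a"), constructed_ed25519_blob(b"laptop")
AUTHORIZED_KEYS = (
    'from="203.0.113.7",command="/usr/bin/rsync --server --sender . /srv/backup" '
    f"ssh-ed25519 {KEY_A} backup-from-host-a\n"
    f"ssh-ed25519 {KEY_B} amos-laptop\n"
)
AUTH_LOG = (  # constructed sshd log lines; the third login uses a key that is not in the file
    f"Nov  5 09:58:01 boxb sshd[1201]: Accepted publickey for amos from 203.0.113.7 port 51234 ssh2: ED25519 {fingerprint(KEY_A)}\n"
    f"Nov  5 10:02:17 boxb sshd[1250]: Accepted publickey for amos from 198.51.100.9 port 40022 ssh2: ED25519 {fingerprint(KEY_B)}\n"
    "Nov  5 10:05:43 boxb sshd[1299]: Accepted publickey for amos from 198.51.100.9 port 40031 ssh2: ED25519 SHA256:NotOnFile00000000000000000000000000000000000\n"
)
```

A login attributed to None means a key sshd accepted that the file you audited does not contain, which is exactly the case where you want to find out where that key came from.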