
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   RBERRYPI      Support for the Raspberry Pi device      21,939 messages   


   Message 19,280 of 21,939   
   Theo to Chris Green   
   Re: It is now very nearly impossible to    
   31 Jan 24 10:24:36   
   
   INTL 3:770/1 3:770/3   
   REPLYADDR theom+news@chiark.greenend.org.uk   
   REPLYTO 3:770/3.0 UUCP   
   MSGID:  03545b6f   
   REPLY:  3f94ffdc   
   PID: SoupGate-Win32 v1.05   
   Chris Green wrote:   
   > Scott Alfter wrote:   
   > > In article <-FadnQKrpYU-sir4nZ2dnZfqnPGdnZ2d@earthlink.com>,   
   > > 68g.1499 <68g.1499@etr6.net> wrote:   
   > > >   On install, you CAN select 'pi' as the username and anything   
   > > >   you want as the password. It WILL complain - but will do it   
   > > >   if you demand. If you change passwords later there's more of   
   > > >   a chance it will demand "minimum complexity" (that's deep in   
   > > >   the PAM stuff).   
   > >   
   > > For remote access (to a headless box or otherwise), you should be using   
   > > key-based authentication anyway and should disable password authentication   
   > > in sshd.   
   > >   
   > Why specifically?   
      
   Keys with a passphrase cover 'something you have' as well as 'something you   
   know', which is two of the three factors (the other being 'something you   
   are', ie biometrics).   
      
   Passwords are just 'something you know', ie once the password is stolen   
   anyone can reuse it.  For example, passwords can be keylogged or phished,   
   while keys can't be (the phishing site doesn't get your private key and   
   can't replay the transaction).   
      
   Unlike the web, SSH uses host keys to reduce the risk of phishing but do you   
   check the host key the first time you connect?  Plus keylogging is a real   
   concern - there are cracked SSH daemons which record the passwords and send   
   them to attackers.   
      
   > One argument against using key based authentication (in my case   
   > anyway) is that my home desktop and my laptop (which are the ssh   
   > clients) are turned on and logged-into just about all the time. Thus,   
   > with the default log-in key used for authentication, all my remote   
   > systems would be accessible to someone just walking up to desktop or   
   > laptop.   
      
   If that is a concern, don't unlock your keys until you need to use them.   
   Desktop environments often run an ssh-agent to hold your keys for you so you   
   only need to type the passphrase once per login/time period, but you can   
   disable that behaviour.  Plus you can use different keys for different   
   purposes - eg a work key and a home key, so you don't unlock your work key   
   unless you're doing work stuff.   
      
   > I *could* generate a separate key for every remote and force it to ask   
   > for the key every time I log in but that adds extra hassle every time   
   > I add or change a remote system.   
      
   Asking for the passphrase is no more complex than asking for a password,   
   surely?   
      
   > Using the default (ssh password authentication) means that I have no   
   > extra configuration required to either default or local system **and**   
   > no one can casually walk up to desktop or laptop and get a login to a   
   > remote.   
      
   Even if you change nothing on the server end, it's still good to use keys   
   where you can.  If you never send the password there's nothing to keylog or   
   phish.  You could even unset your password so password auth will never   
   succeed.  But it's only a one line change in /etc/ssh/sshd_config to disable   
   password auth altogether.   
      
   Theo   
      
   --- SoupGate-Win32 v1.05   
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)   
   SEEN-BY: 10/0 1 15/0 90/1 103/705 105/81 106/201 128/260 129/305 135/225   
   SEEN-BY: 153/757 7715 218/0 1 601 700 840 870 930 220/70 221/1 6 226/17   
   SEEN-BY: 226/30 100 227/114 229/110 112 113 200 206 307 317 400 426   
   SEEN-BY: 229/428 470 550 616 664 700 240/1120 266/512 267/800 282/1038   
   SEEN-BY: 291/111 292/854 301/1 113 812 310/31 320/219 322/757 335/364   
   SEEN-BY: 341/66 342/200 396/45 460/58 633/280 712/848 770/1 3 100   
   SEEN-BY: 770/330 340 772/210 220 230 5020/400 1042 5058/104 5075/35   
   PATH: 770/3 1 218/840 221/6 301/1 218/700 229/426   
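The "one line change in /etc/ssh/sshd_config" Theo refers to is `PasswordAuthentication no`. As an added example (not part of the original thread, and not code from any of the posters), here is a small POSIX shell check that reads an sshd_config and reports whether password authentication is actually off in the global section. It encodes two things that catch people out: sshd honours the *first* uncommented occurrence of a keyword, so a `no` placed after an earlier `yes` is ignored, and anything below a `Match` header applies only conditionally. The two config texts are constructed samples; the function names `effective_value` and `password_auth_disabled` are my own.

```shell
#!/bin/sh
# Added example: check whether an sshd_config really disables password auth.
# sshd uses the FIRST uncommented occurrence of a keyword, so a later
# "PasswordAuthentication no" after an earlier "yes" does not win, and
# lines below a "Match" header are conditional, so we stop reading there.

# Constructed sample: a default-ish config where password auth is still on
# (the commented line is exactly the trap: it changes nothing).
WEAK_CONFIG='# sshd_config (constructed sample)
Port 22
#PasswordAuthentication no
PasswordAuthentication yes
ChallengeResponseAuthentication no
'

# Constructed sample: the hardened form, with a Match block that must be
# ignored when judging the global setting.
HARDENED_CONFIG='# sshd_config (constructed sample)
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
Match User backup
    PasswordAuthentication yes
'

# effective_value <keyword>: reads a config on stdin and prints the value of
# the first uncommented, pre-Match occurrence of <keyword> (keywords are
# case-insensitive in sshd_config), or nothing if the keyword is absent.
effective_value() {
    awk -v key="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ { next }              # comment line
        /^[[:space:]]*$/ { next }              # blank line
        tolower($1) == "match" { exit }        # rest is conditional
        tolower($1) == key { print tolower($2); exit }
    '
}

# password_auth_disabled: succeeds only if PasswordAuthentication is
# explicitly "no" globally. Absent means the sshd default (yes), so it fails.
password_auth_disabled() {
    [ "$(effective_value PasswordAuthentication)" = "no" ]
}

# Demo run against the two constructed samples.
printf '%s' "$WEAK_CONFIG" | password_auth_disabled \
    && echo "weak config: password auth disabled" \
    || echo "weak config: password auth still ENABLED"
printf '%s' "$HARDENED_CONFIG" | password_auth_disabled \
    && echo "hardened config: password auth disabled" \
    || echo "hardened config: password auth still ENABLED"
```

On a live host, feed the daemon's own view of the config rather than the file: `sshd -T | password_auth_disabled` prints the effective settings with defaults resolved (and `sshd -t` syntax-checks a file before you reload). Keep an existing session open while you reload, and confirm key login works in a second session before closing the first.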
      



(c) 1994,  bbs@darkrealms.ca