Re: OPIE considered insecure
- From: David Wolfskill <david@xxxxxxxxxxxxxx>
- Date: Mon, 2 Mar 2009 13:30:34 -0800
On Mon, Mar 02, 2009 at 01:19:32PM -0800, Chris Palmer wrote:
...
> Benjamin Lutz writes:
> > Because the inconvenience of not using whatever service or data the server is
> > providing is considered greater than the security risk.
>
> But isn't regular password authentication the most convenient of all?

Not in my experience, no.

I configure ~/.xsession to run "eval `ssh-agent`" and "ssh-add" very
early, so all processes run under that environment get the benefit of
the cached authentication credentials I thus set up. Then I can login
to most machines I care about directly, without requiring additional
authentication.

To me, that's far more convenient than ensuring that I'm around & paying
attention whenever some random process (e.g., a CVS update) wants a
password.

And I strongly suspect that it's better security than a password.

For my externally-visible sshd, there's no way I'd use a reusable
password for authentication. As things presently stand, I only permit
SSH public key authentication for that use.

...
Peace,
david
--
David H. Wolfskill david@xxxxxxxxxxxxxx
Depriving a girl or boy of an opportunity for education is evil.
See http://www.catwhisker.org/~david/publickey.gpg for my public key.
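
The key-only sshd policy described in the message above can be checked mechanically. The following is an added example, not part of the original post: a hypothetical `audit_sshd_auth` shell function run over two constructed sshd_config samples, assuming upstream OpenSSH semantics (the first value obtained for a keyword wins; password and keyboard-interactive authentication are on unless set to `no`).

```shell
#!/bin/sh
# Assumes upstream OpenSSH semantics: keywords are case-insensitive, the first
# value obtained for a keyword wins, and an unset password keyword means "yes".

# Constructed sample configurations (not taken from any real host).
SAMPLE_KEYONLY='PasswordAuthentication no
KbdInteractiveAuthentication=no
PubkeyAuthentication yes
# A later duplicate is ignored by sshd because the first value wins.
PasswordAuthentication yes'
SAMPLE_WEAK='PubkeyAuthentication yes
passwordauthentication no
ChallengeResponseAuthentication yes
Match Address 192.0.2.0/24
    PasswordAuthentication yes'

# Reads sshd_config text on stdin, prints findings, and returns 0 only when
# public keys are the sole accepted credential (hypothetical helper name).
audit_sshd_auth() {
    awk '
    BEGIN {
        bad = 0
        val["passwordauthentication"] = "yes"
        val["kbdinteractiveauthentication"] = "yes"
        val["pubkeyauthentication"] = "yes"
    }
    /^[ \t]*(#|$)/ { next }                      # comments and blank lines
    {
        sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ")
        key = tolower($1); arg = tolower($2)
        if (key == "challengeresponseauthentication")   # deprecated alias
            key = "kbdinteractiveauthentication"
        if (key == "match") { in_match = 1; next }
        if (!(key in val)) next
        if (in_match) {                          # conditional override
            if (key != "pubkeyauthentication" && arg == "yes") { print "FAIL: Match block enables " key; bad = 1 }
        } else if (!(key in seen)) { seen[key] = 1; val[key] = arg }
    }
    END {
        if (val["passwordauthentication"] != "no") { print "FAIL: PasswordAuthentication is not no"; bad = 1 }
        if (val["kbdinteractiveauthentication"] != "no") { print "FAIL: KbdInteractiveAuthentication is not no"; bad = 1 }
        if (val["pubkeyauthentication"] != "yes") { print "FAIL: PubkeyAuthentication is not yes"; bad = 1 }
        if (!bad) print "OK: only public key authentication is accepted"
        exit bad
    }'
}
printf '%s\n' "$SAMPLE_KEYONLY" | audit_sshd_auth
printf '%s\n' "$SAMPLE_WEAK" | audit_sshd_auth || true
```

On a live host the same function can read the output of `sshd -T`, which prints the daemon's effective global settings.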