Re: SSH as root
From: Michael Coulter (mjc_at_bitz.ca)
Date: 07/04/03
- Previous message: Tim Greer: "Re: SSH as root"
- In reply to: Tim Greer: "Re: SSH as root"
- Next in thread: Tim Greer: "Re: SSH as root"
- Reply: Tim Greer: "Re: SSH as root"
- Reply: Greg A. Woods: "Re: SSH as root"
Date: Thu, 3 Jul 2003 17:45:17 -0700
To: Tim Greer <chatmaster@charter.net>
On Thu, Jul 03, 2003 at 05:31:17PM -0700, Tim Greer wrote:
> SSH keys can be a bad thing... But I suppose so could plain text passwords
> on a system if someone compromises it.
Passwords are inferior to keys in at least 3 regards:
- in the case of a MITM attack a password is compromised, a key is not
- in the case of the server being compromised the password is compromised, a key is not
- keys can be stored with a passphrase making it necessary to steal the file
itself as well as somehow obtain/bruteforce the passphrase, such as trojan'ing
the ssh client or keylogging
> I don't recommend allowing for such ease, if someone manages to compromise
> one system and grab the file.
Passphrases are a very good idea. However, if the client computer is compromised
you are in the same boat if you choose passwords, or keys with passphrases.
The attacker needs to steal the file and capture the passphrase in the case of keys.
In the case of passwords they can just capture the password itself.
> It's best to not use them from a security stand-point.
I see nothing to support this, and several points to the contrary.
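
An added illustration of the first two list items in the message above (not part of the original post): in SSH public-key authentication the client signs data that includes the session identifier from that connection's key exchange, so whoever sits at the other end records a signature rather than a reusable secret. The toy RSA key, the random session identifiers and all function names here are assumptions made for the example.

```python
import hashlib
import secrets

# Toy RSA key built from two Mersenne primes. Illustration only, NOT secure;
# it stands in for a real SSH user key (assumption of this example).
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q                           # public modulus (server knows N, E)
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (never leaves client)


def digest(session_id: bytes, user: bytes) -> int:
    """Hash of the data being signed: session identifier plus user name."""
    h = hashlib.sha256(session_id + b"|" + user).digest()
    return int.from_bytes(h, "big")


def sign(session_id: bytes, user: bytes) -> int:
    """Client side: sign with the private key."""
    return pow(digest(session_id, user), D, N)


def verify(session_id: bytes, user: bytes, sig: int) -> bool:
    """Server side: needs only the public key (N, E)."""
    return pow(sig, E, N) == digest(session_id, user)


def password_ok(expected: bytes, presented: bytes) -> bool:
    return secrets.compare_digest(expected, presented)


def capture_and_replay() -> dict:
    user, password = b"root", b"constructed-sample-password"
    # Session 1: the client logs in through an endpoint the attacker
    # controls (MITM or compromised server). Everything sent is recorded.
    sid_1 = secrets.token_bytes(32)   # stand-in for the key-exchange hash
    seen_password = password          # password auth sends the secret itself
    seen_sig = sign(sid_1, user)      # key auth sends only a signature
    # Session 2: the attacker connects to the real server, which derives a
    # fresh session identifier from its own key exchange.
    sid_2 = secrets.token_bytes(32)
    return {
        "sig_valid_in_own_session": verify(sid_1, user, seen_sig),
        "password_replay_accepted": password_ok(password, seen_password),
        "signature_replay_accepted": verify(sid_2, user, seen_sig),
    }


if __name__ == "__main__":
    print(capture_and_replay())
```

The recorded password is accepted on the second connection; the recorded signature is not, because it was made over a different session identifier.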