Re: Pubkey

From: Alexander Klimov (alserkli_at_inbox.ru)
Date: 11/28/04

  • Next message: Darren Tucker: "Re: X forwarding and X11UseLocalhost"
    Date: Sun, 28 Nov 2004 19:08:41 +0200 (IST)
    To: Harald Nesland <harald@interweb.no>
    
    

    On Sun, 28 Nov 2004, Harald Nesland wrote:
    > Alexander Klimov wrote:
    > > I think a better way is as follows:
    > > -- Kate creates a key pair and sends pubkey to Admin
    > > -- Admin verifies that it is Kate, who sends it, creates an account and adds
    > > the pubkey to authorized_keys
    > > -- Kate now is able to login using her private key and has no password at all
    > > (that is good since it is now impossible to guess her password)
    >
    > The private key ofcourse has to be stored safely. Note that any
    > compromise of a system containing these private keys can lead to a chain
    > of compromises.

    Well, private key has to be encrypted with password and probably stored on
    removable media. Of course, it does not help if some keylogger (and a program to
    copy private key file) is installed by the intruder, OTOH it seams that in this
    attack scenario only some additional "device" can save you (e.g., SecureID or a
    printed list of one time passwords).

    -- 
    Regards,
    ASK
    

  • Next message: Darren Tucker: "Re: X forwarding and X11UseLocalhost"