Re: Does Public Key Authentication offer additional security over SSH/SFTP

On 2006-12-12, Marty W <Captain.Wing@xxxxxxxxx> wrote:
I've got a fairly newbie (but hopefully quick) question.
So I've set up a public/private key pair on my Unix boxes for
authentication for my SSH/SFTP connections so I don't have to provide
my password.

Does setting this up provide an extra layer of security

Yes, in that the private key is much harder for an attacker to guess
compared to a password.

(ie additional encryption) ?

Of the data being sent? No. There's an extra cryptographic step in the
authentication where the client proves to the server that it has access
to the relevant private key but after that the encrpytion of the data
is equivalent regardless of the authentication method (all other things
being equal).

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Relevant Pages

  • Re: How do I change the number of logon opportunities from 3 to 1
    ... > sshd is my only method of logging into my system. ... change it at compile time by editing auth.h and changing AUTH_FAIL_MAX ... authentication count too, so if you change that to 1 then many clients ... Good judgement comes with experience. ...
  • Re: force private key to use a pass-phrase
    ... the server can use double authentication (both with private key and a ... password) to prevent users from authenticating with a private key without ... knowing the password too. ... Good judgement comes with experience. ...
  • Re: Rhosts authentication with openssh 3.7
    ... >I know that rhosts based authentication is HEAVILY unsecured but in my ... $OpenBSD CVS tags but you can ignore those). ... Good judgement comes with experience. ...
  • Re: FamilySearch Wiki Barn Raising for England
    ... judgement of what is 'incorrect and inferior material'. ... As I've said in other postings in this thread, there are plenty of wiki ... authentication, and even written one from scratch for a client. ...
  • Re: configure password prompt in SSH
    ... OpenBSD machine is using "password" authentication, ... the prompt is supplied by the server (via ... > I have searched the openssh web, read the man pages of ssh_config and ... Good judgement comes with experience. ...