RE: SSH Security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2005-12-07 at 09:35, STYMA, ROBERT E (ROBERT) wrote:
> > Key based authentication is the right way to go.  You should disable
> > root ssh access completely.  
> > 
> 
> Key based authentication is good, but there is one caveat.  Straight
> key based allows you to log in directly without typing a password.
> If you are ssh'ing from work to home from a UNIX machine, any sys-admin
> with the root password on your work machine can become you and then
> ssh to your home machine as you with no password.  Maybe you don't care
> if your sysadmin is dinking around in your home machine and maybe you do.
> 
> I am not saying not to use key based authentication, but it is not a 
> cure all.  

You are correct, there are no magic bullet solutions.  Typically you
would still use a password/passphrase to use your private key.  Of
course the same rules apply as to any password, use a good non-trivial
one that can not be guessed.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux