kentborg at borg.org
Tue Jan 13 17:56:23 UTC 2009
Knute Johnson wrote:
> Why use passwords at all with SSH? The public key authentication is
> several orders of magnitude harder to crack than username/password.
> And it is really easy to use.
I keep records of all the passwords I use. I keep that list encrypted.
(And who says the encrypted list is even on my computer?)
Private ssh keys, on the other hand, need to be in the clear to be
useful. I get nervous having such valuable data sitting in the clear. A
little misconfiguration and Apache might serve up my keys, or they might
be readable by other users of the system, or some buggy PHP code decides
to let the world have them. So many security holes I see reported allow
the bad guys to read files they are not supposed to read. Having private
ssh keys just sitting there scares me. And having many of them (for
different systems) scares me. And having multiple copies (on different
systems) scares me. And the idea of someone cracking into one home
directory of mine meaning he now has access to all my machines scares
me. Lots of things to be nervous about.
A password, even on an unprotected sshd daemon, can only be guessed so
quickly. If you have a password with 32-bits of entropy (not hard to
remember, though a bit long to type), it will take a very, very long
time for a brute force hacker to hit the point of 50% odds of getting
in. Make your password a few bits better (add one randomly chosen
character at the end), and the brute force takes many times longer to
get in. If you watch your log files at all you will notice such a long
term cracking project.
Yes, /etc/shadow has a version of your passwords (though just for that
system). But it is not completely in the clear and it is a rather well
known sensitive file to protect. It isn't in my home directory, I am not
messing with it or confusing umasks that affect its security. If the bad
guy gets a copy of /etc/shadow then the cracking job is much
easier--though it still requires significant effort, and extra high
quality passwords will help you. (But really long passwords are
difficult to type blindly, I have tried.)
More information about the ubuntu-users