Ubuntu server remote file access
Kent Borg
kentborg at borg.org
Fri Sep 27 15:28:59 UTC 2013
On 09/27/2013 11:07 AM, Colin Law wrote:
> I thought that if you used keys for authentication and have disabled
> password access (as the OP has done), then ssh is effectively unbreakable.

Yes, but now you have shifted the risk to a new location: your private
ssh key.

How do you protect it? I hope you have it encrypted, but what if
someone gets ahold of the encrypted key? Unlike the sshd which will
limit how fast one can make attempts, an encrypted file can be put on
one or more very fast machines and broken far easier. You had better
have a lot better passphrase for that encryption, one which is difficult
to remember and difficult to type blind.

Where do you keep this key file? How many copies exist? Have you
deleted a copy of it? Can a deleted file be un-deleted?

If you have a traditional ssh password the only way to break it is to
try it against the sshd and it will only let you try so many times a
second, so much less entropy is needed in your key.

-kb
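
One way to check how a private key file is protected at rest, the question the message above raises, as an added example that is not part of the original message: a parser for the header of an OpenSSH-format private key that reports whether the file is encrypted and, if so, with which cipher, KDF and round count. It assumes the `openssh-key-v1` file format; the function names are this example's own, and the two sample keys are constructed headers with dummy key blobs.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # leading magic of the OpenSSH private key format

def _read_string(buf, off):
    """Read one SSH string (uint32 length, then bytes); return (value, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated key file")
    return buf[off:off + n], off + n

def audit_private_key(pem_text):
    """Report how a private key file is protected at rest (hypothetical helper)."""
    lines = pem_text.strip().splitlines()
    body = "".join(l.strip() for l in lines if not l.startswith("-----"))
    blob = base64.b64decode(body)
    if not blob.startswith(MAGIC):
        raise ValueError("not an openssh-key-v1 file")
    cipher, off = _read_string(blob, len(MAGIC))
    kdf, off = _read_string(blob, off)
    kdfopts, off = _read_string(blob, off)
    rounds = None
    if kdf == b"bcrypt":
        # bcrypt options are: string salt, uint32 rounds
        _salt, opt_off = _read_string(kdfopts, 0)
        (rounds,) = struct.unpack_from(">I", kdfopts, opt_off)
    return {"encrypted": cipher != b"none", "cipher": cipher.decode(),
            "kdf": kdf.decode(), "rounds": rounds}

def _pack(b):
    return struct.pack(">I", len(b)) + b

def _sample(cipher, kdf, kdfopts):
    """Build a constructed header with dummy key blobs; not a usable key."""
    blob = (MAGIC + _pack(cipher) + _pack(kdf) + _pack(kdfopts)
            + struct.pack(">I", 1) + _pack(b"dummy-public") + _pack(b"dummy-private"))
    b64 = base64.b64encode(blob).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + b64
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

# Constructed samples: one unencrypted, one with aes256-ctr and bcrypt at 16 rounds.
PLAIN = _sample(b"none", b"none", b"")
PROTECTED = _sample(b"aes256-ctr", b"bcrypt", _pack(bytes(16)) + struct.pack(">I", 16))

if __name__ == "__main__":
    for name, key in (("PLAIN", PLAIN), ("PROTECTED", PROTECTED)):
        print(name, audit_private_key(key))
```

A file that reports `encrypted: False` is usable by anyone who obtains a copy; `ssh-keygen -p -a <rounds> -f <keyfile>` rewrites a key with a new passphrase and a higher KDF round count.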