Ubuntu server remote file access
Colin Law
clanlaw at googlemail.com
Fri Sep 27 16:05:57 UTC 2013
On 27 September 2013 16:28, Kent Borg <kentborg at borg.org> wrote:
> On 09/27/2013 11:07 AM, Colin Law wrote:
>>
>> I thought that if you used keys for authentication and have disabled
>> password access (as the OP has done), then ssh is effectively unbreakable.
>
>
> Yes, but now you have shifted the risk to a new location: your private ssh
> key.
>
> How do you protect it? I hope you have it encrypted, but what if someone
> gets ahold of the encrypted key? Unlike the sshd which will limit how fast
> one can make attempts, an encrypted file can be put on one or more very
> fast machines and broken far easier. You had better have a lot better
> passphrase for that encryption, one which is difficult to remember and
> difficult to type blind.
You are right that if someone gets hold of the key then they can gain
access to the server machine. If they can physically access the
client machine (in order to get the key) then all is lost. However if
they can physically access the server machine then again all is lost.
For most users this is not an issue as users are not physically
targeted. The main risk is hackers all over the world probing the
machine, and using keys with password access disabled will prevent
this.
Colin
>
> Where do you keep this key file? How many copies exist? Have you deleted a
> copy of it? Can a deleted file be un-deleted?
>
> If you have a traditional ssh password the only way to break it is to try it
> against the sshd and it will only let you try so many times a second, so
> much less entropy is needed in your key.
>
>
>
> -kb