passwordless ssh from laptop

Colin Law clanlaw at gmail.com
Mon Dec 26 11:15:01 UTC 2016


On 26 December 2016 at 10:26, Chris Green <cl at isbd.net> wrote:
> On Mon, Dec 26, 2016 at 09:35:11AM +0000, Colin Law wrote:
>> On 26 December 2016 at 06:26, Karl Auer <kauer at biplane.com.au> wrote:
>> >
>> > ssh logins without passwords should be used only for strictly limited
>> > purposes, such as backups. Always use extra security, such as IP
>> > address restrictions or command restrictions. Ideally, don't use
>> > passwordless logins at all.
>> >
>> > Also, read this: http://biplane.com.au/blog/?p=426
>>
>> That link does not appear to agree with your contention that one
>> should not allow access via keys, finishing with the comment:
>> "By the way, if you think your password is safe because it is
>> complicated or unusual – you are probably wrong. Use publickey only,
>> and protect your keys with long, strong passphrases."
>>
> How is a 'long, strong passphrase' any better than a 'long, strong
> password'?  As a user I have to remember either one or the other, it's
> no easier to use a long, strong key than it is to use that same string
> as a password.

Because you need both the key and the passphrase. The hackers probing
your server from the other side of the world will have no chance of
getting in (they concentrate on guessing user names and passwords) and
even someone who (for example) steals your laptop, and so has access
to the key, still has to guess the passphrase.

Colin



