passwordless ssh from laptop
Karl Auer
kauer at biplane.com.au
Mon Dec 26 11:35:54 UTC 2016
On Mon, 2016-12-26 at 10:23 +0000, Chris Green wrote:
> [using publickey authentication with ssh is]
> only 'more secure' in the sense that it's more difficult to
> decrypt/break a key than it is to decrypt/break a password.
>
> IMHO there are situations where it is decidedly *less* secure to use
> public key authentication. I access my home machine from two or
> three laptops using ssh. If I use public key authentication from
> those laptops then if I lose the laptop the keys are vulnerable to an
> attacker.
> If I use password authentication then someone who has my
> laptop has no more information than they would have if trying to
> break into my systems from anywhere else.
Hm. If you are using password authentication, then anyone can try from
anywhere to crack your password (assuming the targets are accessible
from anywhere). If your password is cracked you may never know. The
attacker does not need to see your password to attack it.
If you are using publickey authentication, no-one ever sees your
private key to be *able* to attack it. Your private key is never
transmitted; it is used only to decrypt inbound packets and encrypt
outbound packets. An attack on your communications is still possible,
but it is a hugely difficult task because crypto.
If you lose your laptop, then your keys are indeed available to the
wily hacker. This is the main reason you should use long, strong
passphrases. But the only way to attack your ssh keys (aside from
social engineering and things like keyloggers) is to get your laptop
first.
The other half of this argument is that you are comparing two things as
if their likelihood were roughly equal, when their likelihood is in
fact very different. What are the chances that someone will try
passwords via ssh to an open ssh port on a public IP address? 100%.
What are the chances that they will guess your password? Unknown, but
on widespread and multiply-documented past experience, surprisingly
high. If you allow only publickey access, the chances are zero.
What are the chances that someone will steal your laptop (or you lose
it)? Unknown. What are the chances that it will be stolen (or found) by
someone who knows about ssh AND cares about what they can access using
your keys AND has the skills to take advantage of what they have?
Extremely low, unless you have been deliberately targeted[1]. Even if
they meet all those criteria, what are the chances that they will crack
your (long, strong) passphrase before you change your keys? Unless you
have been very lazy or very stupid, their chances are very low.
In other words, you can have passwords, which are a persistent
vulnerability in a variety of ways. Or you can have passphrases, which
are a vulnerability only if your laptop leaves your control, and then
only if it is taken or found by someone meeting a very specific set of
highly technical criteria.
> Horses for courses.
True - but there are very, very few courses where a password is the
right horse.
Regards, K.
[1] If there is any justifiable concern that you might be deliberately
targeted, then your situation is more serious than a mailing-list chat
can reasonably address.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389
GPG fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
Old fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4
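Added example (not part of Karl's message or the list archive): a POSIX sh script that does the two defensive things the thread argues for. It reads a constructed sshd_config fragment, reports whether password logins are accepted, writes a hardened copy that allows only publickey authentication, and removes a lost laptop's key from a constructed authorized_keys file. It assumes the config has no "Match" blocks (sshd honours the first occurrence of each keyword) and that the comment field of each authorized_keys line is a single-word device label; the key blobs are placeholder text, not real keys.

```shell
#!/bin/sh
# Added example, not from the thread: audit an sshd_config fragment for
# password logins, emit a hardened copy, and revoke one device's key.
# Assumes no "Match" blocks (sshd honours the FIRST occurrence of a keyword)
# and that authorized_keys comments are single-word device labels.

# Constructed sample sshd_config (weak: passwords accepted from anywhere).
SAMPLE_SSHD_CONFIG=$(mktemp)
cat > "$SAMPLE_SSHD_CONFIG" <<'EOF'
# constructed sample, not a real host's config
PasswordAuthentication yes
ChallengeResponseAuthentication yes
PubkeyAuthentication yes
EOF

# Constructed authorized_keys: two keys, the second belongs to a laptop
# that has just been lost (key material is placeholder text, not real keys).
SAMPLE_AUTH_KEYS=$(mktemp)
cat > "$SAMPLE_AUTH_KEYS" <<'EOF'
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYONEPLACEHOLDERKEYONE desktop
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYTWOPLACEHOLDERKEYTWO lost-laptop
EOF

# Print the value sshd would use for a keyword: first non-comment match wins.
effective_setting() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ || NF < 2 { next }
        tolower($1) == key { print $2; exit }
    ' "$1"
}

# True when the config accepts password logins (the keyword defaults to yes
# when absent, so an empty result counts as allowed).
password_logins_allowed() {
    v=$(effective_setting "$1" PasswordAuthentication)
    [ "${v:-yes}" = "yes" ]
}

# Write a hardened copy: every password/challenge-response line becomes "no",
# pubkey stays on, and any missing keyword is added explicitly at the end.
harden_sshd_config() {
    awk '
        /^[[:space:]]*#/ { print; next }
        tolower($1) == "passwordauthentication" { print "PasswordAuthentication no"; pw = 1; next }
        tolower($1) == "challengeresponseauthentication" { print "ChallengeResponseAuthentication no"; cr = 1; next }
        tolower($1) == "pubkeyauthentication" { print "PubkeyAuthentication yes"; pk = 1; next }
        { print }
        END {
            if (!pw) print "PasswordAuthentication no"
            if (!cr) print "ChallengeResponseAuthentication no"
            if (!pk) print "PubkeyAuthentication yes"
        }
    ' "$1" > "$2"
}

# Remove every key whose trailing comment equals the lost device's label and
# print how many were removed. Writes to a temp file and renames it so an
# interrupted run never leaves a truncated authorized_keys behind.
revoke_key() {
    keys=$1; label=$2
    before=$(grep -c . "$keys" || true)
    tmp=$(mktemp)
    awk -v label="$label" '$NF != label' "$keys" > "$tmp"
    mv "$tmp" "$keys"
    after=$(grep -c . "$keys" || true)
    echo $((before - after))
}

# Walk-through on the constructed samples.
if password_logins_allowed "$SAMPLE_SSHD_CONFIG"; then
    echo "sample config accepts passwords: anyone who reaches the port can guess"
fi
HARDENED=$(mktemp)
harden_sshd_config "$SAMPLE_SSHD_CONFIG" "$HARDENED"
echo "hardened config:"
cat "$HARDENED"
REMOVED=$(revoke_key "$SAMPLE_AUTH_KEYS" lost-laptop)
echo "revoked $REMOVED key(s) labelled lost-laptop; remaining:"
cat "$SAMPLE_AUTH_KEYS"
```

The hardened copy is written to a separate file rather than edited in place, so it can be diffed against the live config before sshd is reloaded; the revocation step is the "change your keys" part of Karl's argument, done on the server side the moment the laptop is known to be gone, so the strength of the passphrase only has to hold until then.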
More information about the ubuntu-users mailing list