passwordless ssh from laptop
Chris Green
cl at isbd.net
Mon Dec 26 18:22:07 UTC 2016
On Mon, Dec 26, 2016 at 02:50:37PM +0000, Colin Law wrote:
> On 26 December 2016 at 14:13, Chris Green <cl at isbd.net> wrote:
> > On Mon, Dec 26, 2016 at 11:15:01AM +0000, Colin Law wrote:
> >> > How is a 'long, strong passphrase' any better than a 'long, strong
> >> > password'? As a user I have to remember either one or the other, it's
> >> > no easier to use a long, strong key than it is to use that same string
> >> > as a password.
> >>
> >> Because you need both the key and the passphrase. The hackers probing
> >> your server from the other side of the world will have no chance of
> >> getting in (they concentrate on guessing user names and passwords) and
> >> even someone who (for example) steals your laptop, and so has access
> >> to the key, still has to guess the passphrase.
> >>
> > In that case though (stolen, or access to, laptop) the intruder has
> > unlimited access and can apply brute force methods. If [s]he's
> > guessing passwords remotely that's not so possible.
>
> On the assumption you know that the laptop has been stolen then you can
> revoke the key on the server, so the thief will not be able to use the
> key to get into the server even if (s)he manages to break the
> passphrase on the key.
>
Yes, I suppose that's true, but only if/when you notice the laptop has
gone walkabout.
--
Chris Green
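
The revocation step discussed in this thread ("revoke the key on the server") can be done as sketched below. This is an added example, not part of the original messages; the helper name `revoke_key` is hypothetical, and it assumes the server uses a standard OpenSSH `authorized_keys` file and that you still have a copy of the laptop's public key file.

```shell
# Added example: revoke one public key in an OpenSSH authorized_keys file.
# Usage: revoke_key AUTHORIZED_KEYS_FILE PUBKEY_FILE   (hypothetical helper)
# Returns 0 if at least one entry was removed, 3 if the key was not present.
revoke_key() {
    auth_file=$1
    pub_file=$2
    status=0

    # A public key line is "[options] keytype base64-blob [comment]".
    # Take the field that follows the key type as the blob to match on.
    blob=$(awk '{ for (i = 1; i < NF; i++)
                      if ($i ~ /^(ssh-|ecdsa-|sk-)/) { print $(i + 1); exit } }' "$pub_file")
    [ -n "$blob" ] || { echo "no public key found in $pub_file" >&2; return 2; }

    # Write the filtered copy next to the original so the final mv is atomic.
    tmp=$(mktemp "${auth_file}.XXXXXX") || return 1
    chmod 600 "$tmp"

    # Match on the key blob, not the comment: this also catches entries that
    # were re-labelled or carry an options prefix such as from="...".
    awk -v blob="$blob" '
        /^#/ { print; next }
        { hit = 0; for (i = 1; i <= NF; i++) if ($i == blob) hit = 1 }
        hit  { removed++; next }
        { print }
        END  { exit (removed ? 0 : 3) }
    ' "$auth_file" > "$tmp" || status=$?

    if [ "$status" -eq 0 ]; then
        mv "$tmp" "$auth_file"
    else
        rm -f "$tmp"        # key not present: leave the original untouched
    fi
    return "$status"
}
```

Removing the entry blocks new logins with that key; sessions that are already open are not closed by it.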