passwordless ssh from laptop

Mon Dec 26 18:29:12 UTC 2016

Just enable multifactor on sshd server and require also password or token
on login?

Eero

2016-12-26 20:22 GMT+02:00 Chris Green <cl at isbd.net>:

> On Mon, Dec 26, 2016 at 02:50:37PM +0000, Colin Law wrote:
> > On 26 December 2016 at 14:13, Chris Green <cl at isbd.net> wrote:
> > > On Mon, Dec 26, 2016 at 11:15:01AM +0000, Colin Law wrote:
> > >> > How is a 'long, strong passphrase' any better than a 'long, strong
> > >> > password'?  As a user I have to remember either one or the other,
> it's
> > >> > no easier to use a long, strong key than it is to use that same
> string
> > >> > as a password.
> > >>
> > >> Because you need both the key and the passphrase. The hackers probing
> > >> your server from the other side of the world will have no chance of
> > >> getting in (they concentrate on guessing user names and passwords) and
> > >> even someone who (for example) steals your laptop, and so has access
> > >> to the key, still has to guess the passphrase.
> > >>
> > > In that case though (stolen, or access to, laptop) the intruder has
> > > unlimited access and can apply brute force methods.  If [s]he's
> > > guessing passwords remotely that's not so possible.
> >
> > On the assumption you know that the laptop as been stolen then you can
> > revoke the key on the server, so the thief will not be able to use the
> > key to get into the server even if (s)he manages to break the
> > passphrase on the key.
> >
> Yes, I suppose that's true, but only if/when you notice the laptop has
> gone walkabout.
>
> --
> Chris Green
>
> --
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/
> mailman/listinfo/ubuntu-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20161226/e84034b0/attachment.html>