passwordless ssh from laptop

Joel Rees joel.rees at gmail.com
Thu Dec 29 01:59:39 UTC 2016


On Mon, Dec 26, 2016 at 7:26 PM, Chris Green <cl at isbd.net> wrote:
> On Mon, Dec 26, 2016 at 09:35:11AM +0000, Colin Law wrote:
>> On 26 December 2016 at 06:26, Karl Auer <kauer at biplane.com.au> wrote:
>> >
>> > ssh logins without passwords should be used only for strictly limited
>> > purposes, such as backups. Always use extra security, such as IP
>> > address restrictions or command restrictions. Ideally, don't use
>> > passwordless logins at all.
>> >
>> > Also, read this: http://biplane.com.au/blog/?p=426
>>
>> That link does not appear to agree with your contention that one
>> should not allow access via keys, finishing with the comment:
>> "By the way, if you think your password is safe because it is
>> complicated or unusual – you are probably wrong. Use publickey only,
>> and protect your keys with long, strong passphrases."
>>
> How is a 'long, strong passphrase' any better than a 'long, strong
> password'?  As a user I have to remember either one or the other, it's
> no easier to use a long, strong key than it is to use that same string
> as a password.

I think the distinction has become fairly general in practice --

Passphrases assumed to be used in indirect authentication like public
key, and passwords being used when directly authenticating.

And (good) passwords being strings like "m0n<e4UR at Tom" and (good)
passphrases being more like "I have a monk{y for your atom, Kite."

Neither of which is any good, for either me or you, now that I have posted this.

Which one would you find easier to remember?

The value, for the uninformed reader who hasn't been able to decipher
the thread so far, is in indirection, and in the change in habits that
the indirection allows.

And the value of both is significantly reduced for the user who
refuses to try to understand the nature of the attacks that are in
use, and in use by whom.

You have to know yourself, know your enemies, know your friends. And
you need to come to know the strangers you come in contact with and
the streets (wires) on which you travel (communicate).

Technology is easy to collect, and it quickly turns into cruft.
Developing habits that allow you to try to understand the threats you
face and where they come from should have higher priority than
implementing security measures that you don't really understand.

-- 
Joel Rees

I'm imagining I'm a novelist:
http://reiisi.blogspot.jp/p/novels-i-am-writing.html


