On Tue, Dec 15, 2009 at 11:02:07PM +0000, Srdjan Todorovic wrote:
> Hi,
>
> 2009/12/15 Chris G cl@isbd.net:
> > I'm probably being totally paranoid but still. Is there any significant difference in security between using password login and Public Key when using ssh to connect to my home server?
>
> Someone can steal your key files. Someone cannot (yet) steal your mind. Someone can guess your password more easily. Someone cannot as easily guess your private key.

They can steal my key files but (assuming a 'good' encryption key for them) they won't be any use because they can't decrypt the keys, can they?

Why can they guess my password more easily than the encryption key for the private key?

etc etc etc etc.

> > Just to clarify, ssh connections are *only* allowed from two systems 'out there' where I have shell login accounts so an intruder has to get onto one of those systems before having any possibility of connecting to my server.
>
> Just wondering: How do you decide if the other host is a trusted host?

That's a point, though an intruder has to guess what IPs my firewall allows. I guess a really devious intruder can go through lots of spoofed IP addresses and try logging in from each.

> How does it react to spoofed source address packets?

As above, a good point.

> How does it fit into trusted systems? (from military context, systems you trust are worse)
>
> You just reminded me of something I read some time ago:
>
> "A very good hacker once commented to me that 'the boundaries between being logged in and not being logged in were blurred' because he 'didn't need a password to gain access to remote systems'..."

Quite, but I'm not *that* paranoid. If someone really wants to steal my data they can smash down my front door and run off with the computer. I'm more concerned about protecting myself against people on the internet playing at hacking for 'fun'.

> - Dr K
>
> So if one is to be extremely serious about security, this discussion of passwords and ssh logins is going to be fairly trivial.

True, I suspect that my 'two layers' of logins (with fairly unguessable passwords) is probably sufficient.