On Tue, Dec 15, 2009 at 11:41:50PM +0000, Wayne Stallwood wrote:
Chris G wrote:
They can steal my key files but (assuming a 'good' encryption key for them) they won't be any use because they can't decrypt the keys can they?
Why can they guess my password more easily than the encryption key for the private key?
The point is that by using key based authentication you have now escalated your security to being "something you have" *and* "something you know" (assuming your private key is passphrase protected). If you then wanted to count your IP address as "something you are" then that is up to you (personally I don't), and you would have all 3 checkboxes ticked.
I was assuming someone breaking in to my shell account 'out there'. The intruder can then either guess the passphrase for my private key (if I'm using Public Key authentication) or they can guess my password (if I'm using password). I don't see much difference.
However I guess someone with a *different* account on the system where I have my shell account can try and guess my password but they can't get anywhere by guessing my passphrase (assuming the keys are properly protected by permissions etc.).
The shell accounts are not on systems with hundreds of users, probably only tens of users on both and (presumably) 'friendly' users at that.
etc etc etc etc.
Just to clarify, ssh connections are *only* allowed from two systems 'out there' where I have shell login accounts, so an intruder has to get onto one of those systems before having any possibility of connecting to my server.
Just wondering: How do you decide if the other host is a trusted host?
That's a point, though an intruder has to guess what IPs my firewall allows. I guess a really devious intruder can go through lots of spoofed IP addresses and try logging in from each.
Or monitor your connection a bit first. The data may be encrypted but at various points it would be possible to see the source and target address.
Quite, but I'm not *that* paranoid. If someone really wants to steal my data they can smash down my front door and run off with the computer. I'm more concerned about protecting myself against people on the internet playing at hacking for 'fun'.
Well for that you then need to allow only key based authentication and drop anything trying to log in with a password, then within the strength of the encryption algorithm and the resilience of the ssh server you are pretty solid. Of course you are also then a bit stuffed if you lost your private key, but that's ok because you protected them with a passphrase and backed them up in a secure location.
It wouldn't matter too much, the ssh access is only for occasional remote use (reading E-Mail etc.) when I'm away from home. As I have two shell accounts 'out there' there is some redundancy and even if I lost the private key[s] on both I could just start from scratch again. If desperate I could phone home and ask someone to open up for password access and then do it myself remotely, but in reality I'd probably simply wait until I got home and redo everything.
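An added illustration of the "allow only key based authentication" advice discussed in the message above; it is not part of the thread and not any poster's code. It audits the text of an OpenSSH `sshd_config` for that policy. The function names and sample configurations are constructed for this example, and `Include` files are assumed not to be in use.

```python
# Added example. Keyword -> (value the policy requires, sshd default if absent).
POLICY = {
    "pubkeyauthentication": ("yes", "yes"),
    "passwordauthentication": ("no", "yes"),
    "kbdinteractiveauthentication": ("no", "yes"),
}
# Older OpenSSH name for keyboard-interactive authentication.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def effective_settings(config_text):
    """Return (global settings, policy keywords that appear in Match blocks)."""
    settings, in_match_blocks, in_match = {}, set(), False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out keyword leaves the default in force
        parts = line.split(None, 1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        if key == "match":
            in_match = True  # everything below is conditional
        elif in_match:
            if key in POLICY:
                in_match_blocks.add(key)
        else:
            settings.setdefault(key, value)  # sshd keeps the first value it reads
    return settings, in_match_blocks


def audit(config_text):
    """Return findings; an empty list means the global policy is key-only."""
    settings, in_match_blocks = effective_settings(config_text)
    findings = []
    for key, (required, default) in POLICY.items():
        actual = settings.get(key, default)
        if actual != required:
            findings.append(f"{key} is '{actual}', expected '{required}'")
        if key in in_match_blocks:
            findings.append(f"{key} is overridden in a Match block, review it")
    return findings


# Constructed sample configurations, not taken from the thread.
WEAK = "Port 22\n#PasswordAuthentication no\nPubkeyAuthentication yes\n"
KEY_ONLY = ("PasswordAuthentication no\nChallengeResponseAuthentication no\n"
            "PasswordAuthentication yes\n")
```

On a live server, `sshd -T` prints the effective configuration and is the authoritative check.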