Hi,
2009/12/15 Chris G cl@isbd.net:
> I'm probably being totally paranoid but still. Is there any significant difference in security between using password login and Public Key when using ssh to connect to my home server?
Someone can steal your key files. Someone cannot (yet) steal your mind. Someone can guess your password more easily. Someone cannot as easily guess your private key.
etc etc etc etc.
> Just to clarify, ssh connections are *only* allowed from two systems 'out there' where I have shell login accounts so an intruder has to get onto one of those systems before having any possibility of connecting to my server.
Just wondering: How do you decide if the other host is a trusted host? How does it react to spoofed source address packets? How does it fit into trusted systems? (from military context, systems you trust are worse)
You just reminded me of something I read some time ago:
"A very good hacker once commented to me that 'the boundaries between being logged in and not being logged in were blurred' because he 'didn't need a password to gain access to remote systems'..."
- Dr K
So if one is to be extremely serious about security, this discussion of passwords and ssh logins is going to be fairly trivial.
Srdjan