On Sun, Feb 04, 2018 at 12:15:58PM +0000, Laurie Brown wrote:
> On 03/02/18 14:20, mick wrote:
> > On Sat, 3 Feb 2018 09:40:53 +0000 Chris Green cl@isbd.net allegedly wrote:
> > > I *could* use key authentication but that has some downsides so I'd prefer to remain with using a password.
> > What do you see as downsides? In my view ssh authentication should always be key based.
> I agree 100%
I use ssh to access my desktop machine from the outside world, access is limited to three specific IP addresses which are places where I have ssh accounts: my TsoHost hosting, a virtual machine on Gandi Internet and another 'out there' system run by a friend.
So, to connect, I ssh to either TsoHost, my Gandi server or the other system and then ssh from there to my home system. This is *usually* from my laptop but is occasionally from other places such as a terminal/ssh app on a tablet or PuTTY running on Windows or my wife's laptop.
It's non-trivial to maintain keys in this sort of multi-access scenario. I have a bad enough time keeping the outward going ones that live on my desktop machine in a reasonably sane state.
I also fail to see how using a key improves in any way on using a password. The length (and thus brute force vulnerability) of both can be made the same. If someone gets access to my laptop (which is the most likely means by which I might become vulnerable) they can use brute force on my keys for as long as they like with the power of quite a fast laptop to assist. They *can't* brute force my passwords because the remote systems will only allow three retries before disconnecting.
However you store keys, they are vulnerable; they are stored. My passwords are only in my head and on the desktop machine at home (in encrypted form of course). If someone gets physical access to the machine at home then neither keys nor passwords are going to make any difference at all.
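
The home-machine setup described in the message above (password logins, three permitted source addresses, three tries before disconnect) could be written in `sshd_config` roughly as follows. This is an added example, not part of the original post; the user name `chris` and the three documentation-range addresses are placeholders for values the post does not give.

```conf
# /etc/ssh/sshd_config on the home desktop (constructed example).
# 192.0.2.10, 198.51.100.20 and 203.0.113.30 stand in for the three
# jump hosts; "chris" is a hypothetical account name.

# Global defaults: no authentication method is offered unless a
# Match block below turns one on for the connecting address.
PermitRootLogin no
PubkeyAuthentication no
PasswordAuthentication no

# Disconnect after three failed attempts on one connection.
# This limit is per connection: a client can reconnect and try again,
# so the address restrictions below are what bound who can guess at all.
MaxAuthTries 3

# Only this account, and only from the three jump hosts.
AllowUsers chris@192.0.2.10 chris@198.51.100.20 chris@203.0.113.30

# Offer password authentication to the three jump hosts only.
Match Address 192.0.2.10,198.51.100.20,203.0.113.30
    PasswordAuthentication yes
```

Running `sshd -t` checks the file for syntax errors before the daemon is reloaded.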