I'm probably being totally paranoid but still. Is there any significant difference in security between using password login and Public Key when using ssh to connect to my home server?
Just to clarify ssh connections are *only* allowed from two systems 'out there' where I have shell login accounts so an intruder has to get onto one of those systems before having any possibility of connecting to my server.
Is it any easier for an intruder to guess my password (remember, no access to the system so I don't think a dictionary attack is possible is it?) or to guess the encryption key for my private key? I can't see any really significant difference between the two but I'm open to any comments.
Hi,
2009/12/15 Chris G cl@isbd.net:
> I'm probably being totally paranoid but still. Is there any significant difference in security between using password login and Public Key when using ssh to connect to my home server?
Someone can steal your key files. Someone cannot (yet) steal your mind. Someone can guess your password easier. Someone cannot as easily guess your private key.
etc etc etc etc.
> Just to clarify ssh connections are *only* allowed from two systems 'out there' where I have shell login accounts so an intruder has to get onto one of those systems before having any possibility of connecting to my server.
Just wondering: How do you decide if the other host is a trusted host? How does it react to spoofed source address packets? How does it fit into trusted systems? (from military context, systems you trust are worse)
You just reminded me of something I read some time ago:
"A very good hacker once commented to me that 'the boundaries between being logged in and not being logged in were blurred' because he 'didn't need a password to gain access to remote systems'..."
- Dr K
So if one is to be extremely serious about security, this discussion of passwords and ssh logins is going to be fairly trivial.
Srdjan
On Tue, Dec 15, 2009 at 11:02:07PM +0000, Srdjan Todorovic wrote:
> Hi,
> 2009/12/15 Chris G cl@isbd.net:
> > I'm probably being totally paranoid but still. Is there any significant difference in security between using password login and Public Key when using ssh to connect to my home server?
> Someone can steal your key files. Someone cannot (yet) steal your mind. Someone can guess your password easier. Someone cannot as easily guess your private key.
They can steal my key files but (assuming a 'good' encryption key for them) they won't be any use because they can't decrypt the keys can they?
Why can they guess my password more easily than the encryption key for the private key?
> etc etc etc etc.
> > Just to clarify ssh connections are *only* allowed from two systems 'out there' where I have shell login accounts so an intruder has to get onto one of those systems before having any possibility of connecting to my server.
> Just wondering: How do you decide if the other host is a trusted host?
That's a point, though an intruder has to guess what IPs my firewall allows. I guess a really devious intruder can go through lots of spoofed IP addresses and try logging in from each.
> How does it react to spoofed source address packets?
As above, a good point.
> How does it fit into trusted systems? (from military context, systems you trust are worse)
> You just reminded me of something I read some time ago:
> "A very good hacker once commented to me that 'the boundaries between being logged in and not being logged in were blurred' because he 'didn't need a password to gain access to remote systems'..."
Quite, but I'm not *that* paranoid. If someone really wants to steal my data they can smash down my front door and run off with the computer. I'm more concerned about protecting myself against people on the internet playing at hacking for 'fun'.
> - Dr K
> So if one is to be extremely serious about security, this discussion of passwords and ssh logins is going to be fairly trivial.
True, I suspect that my 'two layers' of logins (with fairly unguessable passwords) is probably sufficient.
Chris G wrote:
> They can steal my key files but (assuming a 'good' encryption key for them) they won't be any use because they can't decrypt the keys can they?
> Why can they guess my password more easily than the encryption key for the private key?
The point is that by using key based authentication you have now escalated your security to being "something you have" *and* "something you know" (assuming your private key is passphrase protected) if you then wanted to count your IP address as "something you are" then that is up to you (personally I don't)..and you would have all 3 checkboxes ticked.
> > etc etc etc etc.
> > > Just to clarify ssh connections are *only* allowed from two systems 'out there' where I have shell login accounts so an intruder has to get onto one of those systems before having any possibility of connecting to my server.
> > Just wondering: How do you decide if the other host is a trusted host?
> That's a point, though an intruder has to guess what IPs my firewall allows. I guess a really devious intruder can go through lots of spoofed IP addresses and try logging in from each.
Or monitor your connection a bit first. The data may be encrypted but at various points it would be possible to see the source and target address.
> Quite, but I'm not *that* paranoid. If someone really wants to steal my data they can smash down my front door and run off with the computer. I'm more concerned about protecting myself against people on the internet playing at hacking for 'fun'.
Well for that you then need to allow only key based authentication and drop anything trying to log in with a password, then within the strength of the encryption algorithm and the resilience of the ssh server you are pretty solid. Of course you are also then a bit stuffed if you lost your private key, but that's ok because you protected them with a passphrase and backed them up in a secure location.
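Added example (not part of the original thread or any poster's own code): a small audit of sshd_config text for the "key based authentication only" setup described above, using OpenSSH's documented defaults and first-value-wins rule. The function names and sample configs are constructed for illustration, and Include files are not followed.

```python
# Added example: audit sshd_config text for logins that still accept a password.
# Values below are OpenSSH's documented defaults when a keyword is absent.
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Deprecated alias still found in older configs.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# Keyboard-interactive can still prompt for a password (e.g. through PAM).
PASSWORD_STYLE = ("passwordauthentication", "kbdinteractiveauthentication")

# Constructed samples, not taken from the thread.
WEAK = "#PasswordAuthentication no\nChallengeResponseAuthentication yes\n"
HARDENED = ("PasswordAuthentication no\nKbdInteractiveAuthentication no\n"
            "PubkeyAuthentication yes\n")


def parse_sshd_config(text):
    """Return (global_settings, match_overrides); the first value seen wins."""
    global_settings, overrides, match = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            match = value  # following lines apply only to this Match block
        elif match is None:
            global_settings.setdefault(key, value.lower())
        elif key in DEFAULTS:
            overrides.append((match, key, value.lower()))
    return global_settings, overrides


def audit(text):
    """List settings that leave password guessing possible or block key login."""
    settings, overrides = parse_sshd_config(text)
    effective = {**DEFAULTS, **settings}
    findings = [f"global {k} is {effective[k]}"
                for k in PASSWORD_STYLE if effective[k] != "no"]
    if effective["pubkeyauthentication"] != "yes":
        findings.append("global pubkeyauthentication is not yes")
    findings += [f"Match {m}: {k} is {v}"
                 for m, k, v in overrides if k in PASSWORD_STYLE and v != "no"]
    return findings
```

An empty list from `audit()` means neither password-style method is enabled globally or in a Match block; on a live server the output of `sshd -T` is the authoritative view of the effective settings.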
On Tue, Dec 15, 2009 at 11:41:50PM +0000, Wayne Stallwood wrote:
> Chris G wrote:
> > They can steal my key files but (assuming a 'good' encryption key for them) they won't be any use because they can't decrypt the keys can they?
> > Why can they guess my password more easily than the encryption key for the private key?
> The point is that by using key based authentication you have now escalated your security to being "something you have" *and* "something you know" (assuming your private key is passphrase protected) if you then wanted to count your IP address as "something you are" then that is up to you (personally I don't)..and you would have all 3 checkboxes ticked.
I was assuming someone breaking in to my shell account 'out there'. The intruder can then either guess the passphrase for my private key (if I'm using Public Key authentication) or they can guess my password (if I'm using password). I don't see much difference.
However I guess someone with a *different* account on the system where I have my shell account can try and guess my password but they can't get anywhere by guessing my passphrase (assuming the keys are properly protected by permissions etc.).
The shell accounts are not on systems with hundreds of users, probably only tens of users on both and (presumably) 'friendly' users at that.
> > > etc etc etc etc.
> > > > Just to clarify ssh connections are *only* allowed from two systems 'out there' where I have shell login accounts so an intruder has to get onto one of those systems before having any possibility of connecting to my server.
> > > Just wondering: How do you decide if the other host is a trusted host?
> > That's a point, though an intruder has to guess what IPs my firewall allows. I guess a really devious intruder can go through lots of spoofed IP addresses and try logging in from each.
> Or monitor your connection a bit first. The data may be encrypted but at various points it would be possible to see the source and target address.
> > Quite, but I'm not *that* paranoid. If someone really wants to steal my data they can smash down my front door and run off with the computer. I'm more concerned about protecting myself against people on the internet playing at hacking for 'fun'.
> Well for that you then need to allow only key based authentication and drop anything trying to log in with a password, then within the strength of the encryption algorithm and the resilience of the ssh server you are pretty solid. Of course you are also then a bit stuffed if you lost your private key, but that's ok because you protected them with a passphrase and backed them up in a secure location.
It wouldn't matter too much, the ssh access is only for occasional remote use (reading E-Mail etc.) when I'm away from home. As I have two shell accounts 'out there' there is some redundancy and even if I lost the private key[s] on both I could just start from scratch again. If desperate I could phone home and ask someone to open up for password access and then do it myself remotely, but in reality I'd probably simply wait until I got home and redo everything.