[kwlug-disc] Curious about SSH Key security
rarsa at yahoo.com
Fri Jul 23 23:17:39 EDT 2010
After following the threads on SSH security and how using Keys is more secure and simple in the long run, I got curious about something.
Please illuminate me:
Security traditionally should depend on something you are (identity), something you have (key, card, etc) and something you know (password).
If you use keys without password you are depending on something you have.
Knowing also that you are just as secure as the weakest link.
Would using keys only dilute security as now you need to depend on securing the keys on every computer?
If someone breaks into one of the computers that has the key, wouldn't you be exposing the server?
Software, Hardware and Practices
An eclectic collection of random thoughts
More information about the kwlug-disc_kwlug.org