[kwlug-disc] Curious about SSH Key security

Raul Suarez rarsa at yahoo.com
Fri Jul 23 23:17:39 EDT 2010

After following the threads on SSH security and how using Keys is more secure and simple in the long run, I got curious about something.

Please illuminate me:

Security traditionally should depend on something you are (identity), something you have (key, card, etc) and something you know (password).

If you use keys without password you are depending on something you have.

Knowing also that you are just as secure as the weakest link.

Would using keys only dilute security as now you need to depend on securing the keys on every computer? 

If someone breaks into one of the computers that has the key, wouldn't you be exposing the server?

Raul Suarez

Technology consultant
Software, Hardware and Practices
Twitter: rarsamx
An eclectic collection of random thoughts

More information about the kwlug-disc mailing list