[kwlug-disc] Curious about SSH Key security
unsolicited at swiz.ca
Fri Jul 23 23:45:48 EDT 2010
Raul Suarez wrote, On 07/23/2010 11:17 PM:
> After following the threads on SSH security and how using Keys is
> more secure and simple in the long run, I got curious about
> Please illuminate me:
> Security traditionally should depend on something you are
> (identity), something you have (key, card, etc) and something you
> know (password).
> If you use keys without password you are depending on something you
> Knowing also that you are just as secure as the weakest link.
> Would using keys only dilute security as now you need to depend on
> securing the keys on every computer?
> If someone breaks into one of the computers that has the key,
> wouldn't you be exposing the server?
Yes, but, once known, it is very easy, trivial, to re-secure - just
take the line out of the authorized_keys file. (And doing so is
relatively painless - like disabling an account rather than deleting
it.) Let alone, you may only, for the moment, be intentionally
disabling someone's remote access. Doesn't mean they shouldn't be able
to work normally when they come in the next day. Let alone refreshing
(replacing) keys all around, just in case (is a somewhat easy /
IIRC, good practice says one key per person per location. From laptop,
from usb, from home, remote, etc., etc. Thus, a report of a lost usb
key, or stolen laptop, triggers a commenting out or removal of that
line in authorized_keys, while perhaps leaving alternate entry
methods. e.g. Laptop lost, but can go to internet cafe with usb key.
Deleting laptop line in authorized_keys (in theory) plugs leak while
leaving access. [Arguably, if they lost the laptop ... how good a
custodian of keys are they. Or, how long before they reported the
laptop loss, and what did they also lose, then find, and not report. A
lost laptop and bag, recovered, may have had a usb key in it that was
More information about the kwlug-disc