[kwlug-disc] Curious about SSH Key security

[unsolicited]

Raul Suarez wrote, On 07/23/2010 11:17 PM:
> After following the threads on SSH security and how using Keys is
> more secure and simple in the long run, I got curious about
> something.
> 
> Please illuminate me:
> 
> Security traditionally should depend on something you are
> (identity), something you have (key, card, etc) and something you
> know (password).
> 
> If you use keys without password you are depending on something you
> have.
> 
> Knowing also that you are just as secure as the weakest link.
> 
> Would using keys only dilute security as now you need to depend on
> securing the keys on every computer?
> 
> If someone breaks into one of the computers that has the key,
> wouldn't you be exposing the server?

Yes, but, once known, it is very easy, trivial, to re-secure - just 
take the line out of the authorized_keys file. (And doing so is 
relatively painless - like disabling an account rather than deleting 
it.) Let alone, you may only, for the moment, be intentionally 
disabling someone's remote access. Doesn't mean they shouldn't be able 
to work normally when they come in the next day. Let alone refreshing 
(replacing) keys all around, just in case (is a somewhat easy / 
painless process).

IIRC, good practice says one key per person per location. From laptop, 
from usb, from home, remote, etc., etc. Thus, a report of a lost usb 
key, or stolen laptop, triggers a commenting out or removal of that 
line in authorized_keys, while perhaps leaving alternate entry 
methods. e.g. Laptop lost, but can go to internet cafe with usb key. 
Deleting laptop line in authorized_keys (in theory) plugs leak while 
leaving access. [Arguably, if they lost the laptop ... how good a 
custodian of keys are they. Or, how long before they reported the 
laptop loss, and what did they also lose, then find, and not report. A 
lost laptop and bag, recovered, may have had a usb key in it that was 
not.]