[kwlug-disc] Curious about SSH Key security

Rashkae rashkae at tigershaunt.com
Fri Jul 23 23:49:26 EDT 2010


Raul Suarez wrote:
> After following the threads on SSH security and how using Keys is more secure and simple in the long run, I got curious about something.
> 
> Please illuminate me:
> 
> Security traditionally should depend on something you are (identity), something you have (key, card, etc) and something you know (password).
> 
> If you use keys without password you are depending on something you have.
> 
> Knowing also that you are just as secure as the weakest link.
> 
> Would using keys only dilute security as now you need to depend on securing the keys on every computer? 
> 
> If someone breaks into one of the computers that has the key, wouldn't you be exposing the server?
> 
> Raul Suarez
> 

Yup...

Keys can be passphrase protected however.  Passwordless keys are for the 
lazy and for those who need to use ssh keys in non-interactive scripts. 
But you must be aware when doing so that the key files *must* be 
treated as the weak link if ever the computer that hosts the private key 
is compromised in any way.




