Corporate public key?
Joseph Bruni
jbruni@mac.com
Wed Jul 9 03:58:04 2003
This gets annoying after a while, especially if you find yourself needing
to connect to said server while away from a host that has your private
key. Being able to fall back to passwords is a nice convenience for
most circumstances and, unless that Linux server of yours really
contains sensitive information, I wouldn't worry about a password crack
(unless you have really easy-to-guess passwords). Having to load your
private key on a temporary host has its own set of vulnerabilities.
One thing that would help to slow down a password attack is successive
increases in delays after each wrong password. Apple's implementation
of OpenFirmware does that to keep people from trying to brute force
that password. Perhaps you can configure "login" or "sshd" to do the
same? Or recommend it to the OpenBSD folks.
I'm not knocking public-key authentication at all -- I use it almost
exclusively -- and the ssh-agent makes life really nice. But disabling
the fallback to passwords seems a bit obtuse, IMHO.
On Tuesday, July 8, 2003, at 10:27 AM, CL Gilbert wrote:
> I have disabled ssh passwords on my Linux box in favor of gpg key
> logins
> because they can't be hacked like a pwd. Plus I don't have to remember
> them as long as I have my key with me.
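Since the post asks whether sshd can be configured to resist password guessing, the following added example (not part of the thread) audits an sshd_config for the sshd_config(5) options that bound guessing when password fallback stays enabled: MaxAuthTries, LoginGraceTime and PermitRootLogin. The sample config is constructed, and Match blocks are skipped as a simplification.

```python
"""Audit sshd_config options that bound password guessing (added example,
not from the thread; option names and defaults are from sshd_config(5))."""
import re

# OpenSSH defaults for the audited options; sshd keeps the FIRST value it sees.
DEFAULTS = {"passwordauthentication": "yes", "maxauthtries": "6",
            "logingracetime": "120", "permitrootlogin": "prohibit-password"}
_UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def to_seconds(value):
    """Convert an sshd time value such as '2m', '1h30m' or '120' to seconds."""
    return sum(int(n) * _UNITS[u]
               for n, u in re.findall(r"(\d+)([smhdw]?)", value.lower()))

def parse_sshd_config(text):
    """Effective global value of each audited option (Match blocks skipped)."""
    opts, seen = dict(DEFAULTS), set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # strip comments and blanks
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)   # "Key value" or "Key=value"
        key, value = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if key == "match":                           # per-user/host overrides start here
            break
        if key in DEFAULTS and key not in seen:      # first occurrence wins
            opts[key] = value.strip().lower()
            seen.add(key)
    return opts

def audit_sshd_config(text):
    """Return findings about settings that make password guessing cheap."""
    o, findings = parse_sshd_config(text), []
    if o["passwordauthentication"] == "yes":
        if int(o["maxauthtries"]) > 3:
            findings.append("MaxAuthTries %s: many guesses per connection" % o["maxauthtries"])
        if to_seconds(o["logingracetime"]) > 30:
            findings.append("LoginGraceTime %s: slow guessers hold slots" % o["logingracetime"])
    if o["permitrootlogin"] == "yes":
        findings.append("PermitRootLogin yes: root reachable by password")
    return findings

# Constructed sample config; the second PasswordAuthentication line is ignored.
SAMPLE = """\
PasswordAuthentication yes
MaxAuthTries 10
LoginGraceTime 2m
PermitRootLogin=yes
PasswordAuthentication no   # first value above wins
Match User backup
    PasswordAuthentication no
"""
```

Running `audit_sshd_config(SAMPLE)` reports all three weak settings; a config with `MaxAuthTries 3` and `LoginGraceTime 30` and the default PermitRootLogin produces no findings.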