Corporate public key?
Wed Jul 9 15:11:03 2003
-----BEGIN PGP SIGNED MESSAGE-----
Joseph Bruni wrote:
| This gets annoying after while, especially if you find yourself needing
| to connect to said server while away from a host that has your private
| key. Being able to fall back to passwords is a nice convenience for most
| circumstances and, unless that Linux server of yours really contains
| sensitive information, I wouldn't worry about a password crack (unless
| you have really easy-to-guess passwords). Having to load your private
| key on a temporary host has its own set of vulnerabilities.
| One thing that would help to slow down a password attack is successive
| increases in delays after each wrong password. Apple's implementation of
| OpenFirmware does that to keep people from trying to brute force that
| password. Perhaps you can configure "login" or "sshd" to do the same? Or
| recommend it to the OpenBSD folks.
| I'm not knocking public-key authentication at all -- I use it almost
| exclusively -- and the ssh-agent makes life really nice. But disabling
| the fallback to passwords seems a bit obtuse, IMHO.
| On Tuesday, July 8, 2003, at 10:27 AM, CL Gilbert wrote:
|> I have disabled ssh passwords on my Linux box in favor of gpg key logins
|> because they cant be hacked like a pwd. plus I don't have to remember
|> them as long as I have my key with me.
all these things must be considered before you do this. but I think the
~ key is more secure than that password. I know its neglidgible and
probably a little anal though :D All part of Linux I guess, fun to do
and learn stuff and have my own *way* of doing things. makes me feel as
if I *know* Linux.
Gnupg-users mailing list
Free Java interface to Freechess.org
"Then said I, Wisdom [is] better than strength: nevertheless the poor
man's wisdom [is] despised, and his words are not heard." Ecclesiastes 9:16
GnuPG Key Fingerprint:
82A6 8893 C2A1 F64E A9AD 19AE 55B2 4CD7 80D2 0A2D
GNU Privacy Guard http://www.gnupg.org
Pretty Good Privacy (PGP) http://web.mit.edu/network/pgp.html, windows
users should try that.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----