[NBLUG/talk] Root and SSH questions..

Ross Thomas spamb8r at netscape.net
Wed Sep 17 16:49:00 PDT 2003


Walter Hansen wrote:
>      Can someone explain the issues with passwords over ssh please?

The biggest issue is that you can still guess a password.  You can't
'guess' an RSA or DH private key.  :-)  Most passwords give you at
best (8*7) = 56 bits of password space.  Less, since a password usually
has to contain standard alpha-numerics & punctuation.  Whereas, a
'standard' size for key pairs is usually >512 bits (mine are always 1024
or larger) and every bit is significant.

The other thing about key authentication is that you must both possess
the private key AND have the public key installed on the destination
server.  This gives the server greater control over who accesses the
machine.  For instance, when someone is no longer supposed to be able
to access the server, rather than have to change the password and get
the changes to all other people concerned, you just remove their key from
the authorized_keys file.  Instant denial.

HTH.

Ross.
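
Added example, not part of the original post: removing one person's key from authorized_keys, as the message describes, by matching the key blob rather than the free-text comment, so entries that carry options or a different comment are removed too. The function names and the sample entries are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Key type names that begin the key field of an authorized_keys entry.
KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

# Constructed sample file: the blobs are placeholders, not real keys.
SAMPLE = (
    "# team keys\n"
    "ssh-rsa AAAAB3NzaC1yc2EAAAALICE alice@laptop\n"
    'from="10.0.0.*",no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABOB bob@desk\n'
    "ssh-rsa AAAAB3NzaC1yc2EAAAABOB bob@old-laptop\n"
)


def key_blob(line):
    """Return the base64 blob of '[options] keytype blob [comment]', or None."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:
            return fields[i + 1]
    return None


def revoke_key(path, public_key_line):
    """Drop every entry whose blob matches; return how many were removed."""
    target = key_blob(public_key_line)
    if target is None:
        raise ValueError("not a public key line")
    lines = Path(path).read_text().splitlines(keepends=True)
    kept = [ln for ln in lines if key_blob(ln) != target]
    # Temp file (mode 0600) renamed into place: no half-written file for sshd.
    fd, tmp = tempfile.mkstemp(dir=Path(path).absolute().parent)
    with os.fdopen(fd, "w") as fh:
        fh.writelines(kept)
    os.replace(tmp, path)
    return len(lines) - len(kept)


def demo():
    """Revoke Bob's key from the sample; return (removed, remaining text)."""
    with tempfile.TemporaryDirectory() as d:
        path = Path(d) / "authorized_keys"
        path.write_text(SAMPLE)
        removed = revoke_key(path, "ssh-rsa AAAAB3NzaC1yc2EAAAABOB bob")
        return removed, path.read_text()
```

Removing the entry blocks new logins with that key; sessions that are already open are not closed by the edit.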



