[NBLUG/talk] Root and SSH questions..

E Frank Ball frankb at efball.com
Wed Sep 17 16:50:06 PDT 2003


On Wed, Sep 17, 2003 at 04:34:51PM -0700, Walter Hansen wrote:
} 
}      Can someone explain the issues with passwords over ssh please?

If somebody has your password, and you allow logins via password, then
they can log in as you from anywhere in the world.

When using ssh key pairs your secret ssh key stays on your machine.
Your public ssh key goes on the remote machine.  If somebody has your
passphrase for your ssh key it is of no value unless they also have your
secret ssh key to go with it.  The keys are also tied to the machine
name of your local machine.

It's just one more layer of security.

At one point someone managed to root the shell server at sonic.net and
put in some trojan programs that collected peoples passwords as they
logged in.  People who used ssh key pairs for logging in were not
compromised since this person never had access to the secret ssh keys.

-- 

   E Frank Ball                frankb at efball.com



More information about the talk mailing list