|
|
On Wed, 30 Jul 2008 09:53:03 +0100, Ian Rawlings wrote:
> On 2008-07-29, Jonathan Buzzard <joe@xxxxxxxxxxxxx> wrote:
>
>> Perhaps, but another issue with keys is that you could be forced to
>> disclose the passphrase to your key should you take it through an airport.
>> With failure to do so leading to detention by the authorities. Compare
>> that to the password in my head.
>
> Ridiculously unlikely given that the person at the airport would need
> to know that SSH keys exist and of course, if they do, what use are
> they as they don't actually contain kiddy porn or copied DVDs or
> whatever the airport authorities are looking for; they are looking for
> data on the laptop, and demonstrations that the laptop is a genuine
> laptop, and an SSH key is not something they are looking for. Besides
> it's easy to hide things.
>
> So compare that to the much more likely scenario of your password
> being snaffled because you're logging into your crown jewels from
> untrusted machines...
>
If the machine is untrusted it is game over whether you are using keys or
passwords. To suggest otherwise is foolish and uninformed.
The point is that if you have a random password, have rate limited the ssh
login attempts, banned system accounts and are using none obvious users
names, (all of which I do) then keys buy you little or no additional
security.
I would note that all of the above are sensible regardless of whether you
are using passwords or keys anyway.
JAB.
--
Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk
St. Andrews, United Kingdom.
|
|