help analyzing an attack
Robert Brockway
rbrockway-wgAaPJgzrDxH4x6Dk/4f9A at public.gmane.org
Mon Apr 23 02:41:39 UTC 2007
On Fri, 20 Apr 2007, Ian Petersen wrote:

> I could be wrong, but I think that's done when you create the
> key-pair. I'm lazy, so my key-pair is not password protected, but the
> ssh-keygen command asks for a password and admonishes you if it's
> blank.

It's worth noting that the ssh _passphrase_ that you are prompted for
during key authentication (or earlier if using ssh-agent) is not just a
password. Password authentication is a distinct process to PKI
authentication.

The PKI passphrase never traverses the network during authentication
while the regular password does (albeit over an encrypted channel).

I don't _think_ it is possible to turn on PKI auth and password auth at
once in OpenSSH but it may be. Even if it was possible I'd be inclined
to stick to PKI auth only as the addition of a standard password would add
little to security and would throw away a lot of the cool stuff you can do
with ssh when using ssh-agent.

Cheers,
Rob
--
Robert Brockway B.Sc. Phone: +1-905-821-2327
Senior Technical Consultant Urgent Support: +1-416-669-3073
OpenTrend Solutions Ltd Email: support-wgAaPJgzrDxH4x6Dk/4f9A at public.gmane.org
Web: www.opentrend.net
Contributing Member of Software in the Public Interest
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists