SSH Security

Synister Syntax synistersyntaxlist at gmail.com
Wed Dec 7 20:04:17 UTC 2005


     I completely agree Scot.  This is a two step measure.  Something that
may only 'help' you in the long run.  There is no one answer.

- SynSyn

On 12/7/05, Scot L. Harris <webid at cfl.rr.com> wrote:
>
> On Wed, 2005-12-07 at 14:35, peter kostov wrote:
> > On Wed, 2005-12-07 at 11:36 -0500, Scot L. Harris wrote:
> > > On Wed, 2005-12-07 at 10:09, Matthew Miller wrote:
> > > > On Wed, Dec 07, 2005 at 09:53:56AM -0500, Scot L. Harris wrote:
> > > > > > I am not saying not to use key based authentication, but it is
> not a
> > > > > > cure all.
> > > > > You are correct, there are no magic bullet solutions.  Typically
> you
> > > > > would still use a password/passphrase to use your private key.  Of
> > > > > course the same rules apply as to any password, use a good
> non-trivial
> > > > > one that can not be guessed.
> > > >
> > > > And even more so than normal, since anyone with a copy of the key
> can
> > > > attempt to brute-force the passphrase at their leisure.
> > >
> > > Which is why you need to protect your private key....
> > >
> > And what about storing the private key on a memory card or usb memory
> > stick?
>
> What about it?
>
> IMHO you should always use a non-trivial password/phrase with any key
> you setup.  Of course if most users used good passwords brute force
> attacks would be more difficult than they are now.  Using a key means a
> hacker has to some how obtain that key before they can try and break
> your pass phrase.
>
> Remember the idea is to be just a little more secure than the guy next
> to you.
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20051207/188e3990/attachment-0001.htm>


More information about the fedora-list mailing list