OT: SSH With Public/Private Key Authentication

Fairlight fairlite at fairlite.com
Wed Oct 20 14:08:21 PDT 2010


Yo, homey, in case you don' be listenin', Jay Ashworth done said:
> ----- Original Message -----
> > From: "Scott Walker" <ScottWalker at RAMSystemsCorp.com>
> 
> > Would like to ask the list's opinion. Is using SSH with a
> > public/private key authentication scheme a pretty good way to have a
> > secure connection from my Windows Vista PC to a Linux server?
> 
> Well, the answer to that depends a lot on what aspects of your connection
> you're trying to secure, but, overall, using an SSH capable terminal emulator
> with a private key file secured by a reasonably long passphrase, and the SSHv2
> protocol, with no known unfixed bugs on either program, is a reasonably good
> way both to control access to the server, and to prevent eavesdropping on your
> sessions, yes.
> 
> Hardware or software keystroke loggers on the Vista client, of course, will
> expose your passphrase to an attacker...

What Jay said.  Except I use passphraseless keys and the authorized_keys
file on the target system side, both for ease of use, and automation.  The
passphrase is never exposed to keylogging because the passphrase is never
typed.

If you can guarantee the security of your private key, and remote desktop
access either doesn't exist or is strictly regulated, this works fine.

I think Bill Campbell had a different method of doing it (pageant or
ssh-agent or something) that had passphrases being typed once, and then not
again for the duration.  That doesn't play well with automation, as I
recall.

mark->
-- 
Audio panton, cogito singularis.