Security suggestion concerning SSH and port forwarding.
Carson Gaspar
carson at taltos.org
Tue Jan 20 09:39:57 EST 2004
--On Monday, January 19, 2004 3:58 AM -0600 Ben Lindstrom
<mouring at etoh.eviladmin.org> wrote:
> What is wrong with using public keys?
Users will use a NULL passphrase on the public key (or a trivial password).
Then we'll get hacked when they lose their laptop. Unless you're using
smart cards (and using them very carefully), public key auth just isn't
very secure with "normal" users. This is what led me to do the auth vector
work way back when.
Which makes me think... if I extended the authorized key mechanisms to
match against a username instead of (or in addition to, if applicable...) a
key, is there a chance that would get merged in? The current functionality
is pretty good, but only if you use pubkey auth. It would be nice to get
the same functionality regardless of auth mechanism.
--
Carson
More information about the openssh-unix-dev mailing list