Security of ssh across a LAN, public key versus password

Jan Eden tech at eden.one
Tue Oct 22 20:33:27 AEDT 2024


On 2024-10-22 09:14, Chris Green wrote:

> OK, I think I have realised what has been confusing me (and, maybe
> you, in the plural).
> 
> I have been looking at this security question with a sort of 'tunnel
> vision', I'm concerned with login security of remote systems **when
> viewed from my desktop**.  For this specific case, i.e. when someone
> is sitting at my desk, or has my laptop in front of them, there is
> little to choose between password and public-key authentication. To
> break either, all the intruder has to do is guess/break my password or
> the passphrase protecting my public-key.

A little late to chime in, but if you are so concerned about access to
your laptop, there are measures unrelated to SSH you could take. Your
scenario sounds as if anyone could sit down at your desk and immediately
proceed to brute-forcing your credentials for SSH connections. Wouldn't
it be possible to physically restrict access to your desk and/or laptop?

- Jan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20241022/4da0a93b/attachment.asc>


More information about the openssh-unix-dev mailing list