Security of ssh across a LAN, public key versus password

Chris Green cl at isbd.net
Tue Oct 22 20:47:11 AEDT 2024


On Tue, Oct 22, 2024 at 11:33:27AM +0200, Jan Eden via openssh-unix-dev wrote:
> On 2024-10-22 09:14, Chris Green wrote:
> 
> > OK, I think I have realised what has been confusing me (and, maybe
> > you, in the plural).
> > 
> > I have been looking at this security question with a sort of 'tunnel
> > vision', I'm concerned with login security of remote systems **when
> > viewed from my desktop**.  For this specific case, i.e. when someone
> > is sitting at my desk, or has my laptop in front of them, there is
> > little to choose between password and public-key authentication. To
> > break either, all the intruder has to do is guess/break my password or
> > the passphrase protecting my public-key.
> 
> A little late to chime in, but if you are so concerned about access to
> your laptop, there are measures unrelated to SSH you could take. Your
> scenario sounds as if anyone could sit down at your desk and immediately
> proceed to brute-forcing your credentials for SSH connections. Wouldn't
> it be possible to physically restrict access to your desk and/or laptop?
> 
Yes, quite. The physical security of systems is probably much more
important than whether one allows password authentication or not!

I do try and make sure that there is nothing important (i.e. worth
stealing) on my systems that isn't in encrypted files.  My concerns
about ssh access are more to do with data preservation, i.e. not
wanting to lose old photographs and files, rather than their monetary
value.

-- 
Chris Green

