Results 1 to 5 of 5

Thread: SSH with key

  1. #1
    Join Date
    Aug 2002
    Posts
    1,633

    SSH with key

    Hi

    someone can explane me how can i setup a ssh access only with a key and dsa? do u think that is a secure solution?

    Currently i use ssh 2 on a dedicated ip and different port

    thank u

  2. #2
    Join Date
    Feb 2003
    Location
    CT
    Posts
    484
    I've used this tutorial a number of times to set-up passwordless ssh access: http://www.jdmz.net/ssh/

  3. #3
    Join Date
    Aug 2002
    Posts
    1,633
    ok thank u but do u think that this solution is more secure of my actual one?

  4. #4
    Join Date
    Feb 2003
    Location
    CT
    Posts
    484
    Originally posted by adapter
    ok thank u but do u think that this solution is more secure of my actual one?
    Well I don't claim to be security expert, but I would say that using a private key/ shared key pair for passwordless logins is less secure than typing in your password manually. Unless you have your password on a sticky note posted on your monitor

    But I still use for automated rsync server to server backups and feel that it is secure enough as long as it is used in conjunction with other appropriate security measures.

  5. #5
    Join Date
    Dec 2004
    Location
    Canada
    Posts
    1,097
    I'd disagree. It's definitely more secure, as what authenticates you (the key) is never actually transmitted over the network. You must use a passphrase on your key if you want it to be secure, but if you do, it should be quite a bit more secure than using a password.

    You now need two separate things to log in to your machine; the passphrase and the key, wheras you only needed one before. When you log in, rather than sending your key across the network, there is a challenge process that happens that has your private key on your local machine encrypt some random data from the server. If the server can then decrypt that back to what it sent using your private key, it's a valid login.

    The advantage is that a man in the middle attack of the encrypted channel won't reveal enough information for the attacker to log in as you, whereas with a password it would.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •