Hello,

I would use RSA keys ... you can restrict it by user and host. This solution works well in a company network where you are always at your desktop.

The problem is when you are traveling ... you will always need a copy of your key with you ... and make sure that you never leave a copy on a remote system.

A USB key may be a good solution ... as long as the key is never cached by the OS or copied by an attacker or user to the local disk.



Michael.



Jarrod Major wrote:
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Trever Miller
Sent: Wednesday, February 23, 2005 11:24 AM
To: CLUG General
Subject: Re: [clug-talk] SSH security ?

Cory Syvenky wrote:


Wasn't he talking about this?

http://www.mail-archive.com/[email protected]/msg06168.html



Hmm, yes, more or less. Except I wouldn't use passphrase-less keys in most cases; I would tend to use ssh-agent to cache the passphrase in RAM for the duration of my session.


This is what put me off looking into this in the first place. What
encryption system is best? RSA or DSA? I know that OpenSSH uses two
different systems to manage keys. Is system 1 and 2 referring to RSA and DSA
encryption respectively or is there more to it? BTW, thanks Ian, the IBM
articles were very good and I imagine the links should fill in any blanks.

I was just curious as to what other people were using. I am only managing
one server but from multiple locations so being able to use the same public
key from different machines is cool as long as I have the passphrase.

Jarrod


_______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
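As an added example (not part of the thread), the per-host restriction mentioned above can be checked on the server by auditing `authorized_keys` for entries that lack OpenSSH's `from="..."` option. The sketch also flags `ssh-dss` (DSA) keys, which OpenSSH 7.0 and later disable by default. The sample file, host patterns and key blobs are constructed placeholders.

```python
import re

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}
# name or name="value"; the value may hold commas, blanks and escaped quotes
OPTION_RE = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\"|[^"])*)")?')

def split_options(line):
    """Split a leading options field from the rest at the first unquoted blank."""
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_quote = not in_quote
        elif ch in " \t" and not in_quote:
            return line[:i], line[i:].strip()
    return line, ""

def parse_entry(line):
    """Return (keytype, comment, options) or None for blank/comment/junk lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    opts = ""
    if line.split(None, 1)[0] not in KEY_TYPES:  # entry starts with options
        opts, line = split_options(line)
    fields = line.split(None, 2)
    if len(fields) < 2 or fields[0] not in KEY_TYPES:
        return None
    comment = fields[2] if len(fields) > 2 else ""
    options = {name.lower(): value for name, value in OPTION_RE.findall(opts)}
    return fields[0], comment, options

def audit(text):
    """List (comment, issue) pairs for keys usable from any host or of type DSA."""
    findings = []
    for entry in filter(None, map(parse_entry, text.splitlines())):
        keytype, comment, options = entry
        if not options.get("from"):
            findings.append((comment, "no from= host restriction"))
        if keytype == "ssh-dss":
            findings.append((comment, "DSA key (ssh-dss)"))
    return findings

# Constructed sample file; the key blobs are placeholders, not real keys.
SAMPLE = '''# constructed authorized_keys
from="192.0.2.*,!192.0.2.66",no-port-forwarding ssh-rsa AAAAB3PLACEHOLDER1 alice@office
ssh-rsa AAAAB3PLACEHOLDER2 alice@laptop
command="/usr/bin/uptime arg",from="*.example.com" ssh-dss AAAAB3PLACEHOLDER3 monitor@cron
'''
if __name__ == "__main__": print(audit(SAMPLE))
```

A key copied to a travelling laptop or USB stick would typically show up here as an entry without `from=`, since its source address is not known in advance; that is the case where the passphrase is the remaining protection.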
