Right. The problem with that is that as the admin, you can't enforce that users set a passphrase, or remove it later in time from the private key. The idea with two factor is that they definitely have the device / application you sent home with them, without being able to disable it for convenience.
You can also add the passphrase to your ssh keyring so you don't have to type it each time, which is neither here nor there. :-)

-- Corey

On Jan 11, 2013, at 12:13 PM, "John BORIS" <[email protected]> wrote:

> Mason,
> You can create ssh keys that require a password. At least the ones I
> created on my systems always asked me for a password. If I didn't want
> the password I wouldn't enter one.
>
> John J. Boris, Sr.
>
> "Remember! That light at the end of the tunnel
> Just might be the headlight of an oncoming train!"
>
> >>> Mason Turner <[email protected]> 1/11/2013 2:32 PM >>>
> On Jan 11, 2013, at 2:07 PM, Josh Smift <[email protected]> wrote:
>
>> How different is the Symantec solution from SSH with a key with a
>> passphrase? Not that there's anything wrong with SSH with a key with a
>> passphrase; but if that's good enough, what do you get by adding
>> Symantec?
>
> SSH keys don't require a password, and you can't enforce that they have
> one. It would satisfy "the thing you have" but no guarantee of
> requiring "the thing you know."

_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
