> > To have an official standard.
>
> I guess I don't see why an official standard is needed for a one-liner.

For partial automation.

> Plus, I would think that each administrator would have their own
> set of standards that they should enforce; an "official standard" would
> lead to automatic reactions instead of thinking for three seconds.

Well, depending on what type of architecture you have to manage, those 3 sec can accumulate rather quickly. I don't say "take human brains out of decision", but it should have a form that is manageable by software frontends.

>
> I mean, how is ssh going to authenticate you to the remote administrator?

Rather meant that ssh(d) should look in a defined place for the public key and then inform the admin that a new one's waiting for auth. I wouldn't wanna have it 100% automated either.

> (This is where PKI comes in, I suppose... you and the administrator should
> share a common certificate authority, so he can look up/verify your cert.
> Do we want to start putting ssh public keys into a PKI framework?)

Sounds tempting, doesn't it...

> > > computer, and your key is compromised, just like a fixed password would
> > > be.
> >
> > If all that can be read is my public key?
>
> So you'd walk up to the administrator and say "I'd like an account on
> machine $FOO", hand 'em your company badge and a USB stick? (And, one
> hopes, the fingerprint to your key on a sheet of paper.)

Pardon? I mean, my public key can travel as much as it wants, can it not? After all, it's a *public* key.

>
> It won't help you log in from an arbitrary machine, which is what I
> thought you were trying to do. If you're just trying to distribute
> your public key so you can access various machines from your primary
> box, that's different.

That's pretty much what I want. Example: got three machines here. (Yet :) ) So I'd like all three of them to hold my public key and when I connect my usb stick to *one* machine I'd like to be able to ssh into the others, too, without providing a password.

> Smart Cards aren't around because they aren't widely used; but they're
> being used in more and more systems.

I'll have a look at that when smart card readers are as common as usb ports.

>
> Technology that doesn't _actually_ solve your problem isn't worth much.

Technology that nobody has either.

> > Laptop on my keyring will have me lose my pants a lot in public. not
> > good. ;)
>
> Isn't that all the rage among kids these days?

Been to a disco lately. Wrong evening, thought 80s party was on, instead was new metal / hardcore. Man I felt old.

> > If that key - and the locks! - are sufficiently secure - alright.
>
> Ah, well, this is where our comfort levels differ.
>
> In a corporate environment especially, one-key-fits-all-locks is a lousy
> design, despite being highly desired.

Well, one key fits all works in my case since I granted myself access to all my stuff :) - different thing in a company of course, but at the CeBit Toshiba had those neat 4GB SD cards - can hold a lot of keys, I'd say...

--
http://www.stop1984.com
http://www.againsttcpa.com

--
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
