Re: SSH public key auth vs OTP auth

2013-03-06 Thread Nick Holland

On 03/05/13 15:36, Lars Noodén wrote:

> On 03/05/2013 10:29 PM, Peter Bisroev wrote:
> [snip]
>
>> 100% agree. Having unencrypted private keys was one of the reasons
>> that I have started looking into OTP/TOTP. At this point, I think it
>> is probably better to force untrusted users (those who cannot be
>> trusted to keep their private keys encrypted) to use TOTP with
>> sufficiently long passwords (login_totp-and-pwd) and allow trusted
>> users a bit more freedom.
>
> [snip]
>
> What level of encryption is deemed adequate nowadays?
>
> Regards,
> /Lars



who have you pissed off/enticed, and what other entry methods are you 
exposing?


Realistically, cracking encryption is not high on an attacker's list of
methods at the moment...usually other ways are faster and more productive.

On the other hand...if this is the only exposure you have AND they want 
you...crank it.  Otherwise, you are probably putting too many big locks 
on the secure door...and neglecting the open window next to it.


Nick.



Re: SSH public key auth vs OTP auth

2013-03-05 Thread Peter Bisroev
Hi Stuart,

On Mon, Mar 4, 2013 at 7:33 PM, Stuart Henderson s...@spacehopper.org wrote:
>> I am aware that more secure depends on the situation, such as whether
>> the login is happening from a trusted terminal, how is the secret key
>> stored on the device that is generating TOTP, is the public key
>> encrypted, etc. But what are your thoughts in general?
>
> I think it totally depends on the situation and can't really be applied
> in general.. Either of them can be made to be unsafe.

That makes sense. I guess it all depends on your trust relationship
with the party whom you are allowing to connect to your hosts.

> OpenSSH has this in -current, see sshd_config(5) AuthenticationMethods.

That is great! I will definitely give it a go.

Thank you!
--peter



Re: SSH public key auth vs OTP auth

2013-03-05 Thread Stuart Henderson
On 2013/03/05 12:51, Peter Bisroev wrote:
> Hi Stuart,
>
> On Mon, Mar 4, 2013 at 7:33 PM, Stuart Henderson s...@spacehopper.org wrote:
>>> I am aware that more secure depends on the situation, such as whether
>>> the login is happening from a trusted terminal, how is the secret key
>>> stored on the device that is generating TOTP, is the public key
>>> encrypted, etc. But what are your thoughts in general?
>>
>> I think it totally depends on the situation and can't really be applied
>> in general.. Either of them can be made to be unsafe.
>
> That makes sense. I guess it all depends on your trust relationship
> with the party whom you are allowing to connect to your hosts.

To illustrate: if you don't trust users to keep their authorized_keys
file encrypted, you might want to require additional authentication (password
or OTP). Or if you don't want the replay window that TOTP gives then you
might want the second factor of a public key authentication.

>> OpenSSH has this in -current, see sshd_config(5) AuthenticationMethods.
>
> That is great! I will definitely give it a go.

It might also be worth pointing out that this can be used in a Match
block, therefore if wanted you can permit access from known addresses of
secured hosts with just an SSH key, but require an additional password/OTP
for connections from other addresses.
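The policy described above, written out as an added sshd_config example (this is not from the thread or from the OpenSSH documentation). It assumes that keyboard-interactive on the host is backed by the OTP authenticator (on OpenBSD, a login class using login_totp-and-pwd as mentioned in the thread), and 192.0.2.0/24 is a constructed placeholder for the trusted network:

```sshd_config
# Added example; assumes an OpenSSH that supports AuthenticationMethods
# (OpenBSD -current at the time of the thread) and that the
# keyboard-interactive prompt is handled by the OTP authenticator.

# Global policy: every connection must present a valid public key AND
# pass the keyboard-interactive (OTP) prompt. A comma-separated list
# means "all of these"; a space-separated list would mean "any of these".
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication yes
AuthenticationMethods publickey,keyboard-interactive

# Known, secured hosts (192.0.2.0/24 is a constructed placeholder):
# the key alone is sufficient, no OTP prompt.
Match Address 192.0.2.0/24
    AuthenticationMethods publickey
```

Check the file with `sshd -t -f /path/to/sshd_config` before restarting sshd; a client whose address does not match the Match block falls through to the global line and is prompted for the OTP after its key is accepted.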



Re: SSH public key auth vs OTP auth

2013-03-05 Thread Peter Bisroev
On Tue, Mar 5, 2013 at 1:04 PM, Stuart Henderson s...@spacehopper.org wrote:
>>>> I am aware that more secure depends on the situation, such as whether
>>>> the login is happening from a trusted terminal, how is the secret key
>>>> stored on the device that is generating TOTP, is the public key
>>>> encrypted, etc. But what are your thoughts in general?
>>>
>>> I think it totally depends on the situation and can't really be applied
>>> in general.. Either of them can be made to be unsafe.
>>
>> That makes sense. I guess it all depends on your trust relationship
>> with the party whom you are allowing to connect to your hosts.
>
> To illustrate: if you don't trust users to keep their authorized_keys
> file encrypted, you might want to require additional authentication (password
> or OTP). Or if you don't want the replay window that TOTP gives then you
> might want the second factor of a public key authentication.

100% agree. Having unencrypted private keys was one of the reasons
that I have started looking into OTP/TOTP. At this point, I think it
is probably better to force untrusted users (those who cannot be
trusted to keep their private keys encrypted) to use TOTP with
sufficiently long passwords (login_totp-and-pwd) and allow trusted
users a bit more freedom.

But as you have mentioned before, it all depends on the situation and
use case, so not a general recommendation.

>>> OpenSSH has this in -current, see sshd_config(5) AuthenticationMethods.
>>
>> That is great! I will definitely give it a go.
>
> It might also be worth pointing out that this can be used in a Match
> block, therefore if wanted you can permit access from known addresses of
> secured hosts with just an SSH key, but require an additional password/OTP
> for connections from other addresses.

This is definitely something that I will use more of as the
configuration starts to get more complex.

In general, the more I use OpenBSD (and Open* friends), the more I
love it. The simplicity and elegance of these systems is just too
awesome! :)

Thanks!
--peter



Re: SSH public key auth vs OTP auth

2013-03-05 Thread Lars Noodén
On 03/05/2013 10:29 PM, Peter Bisroev wrote:
[snip]
> 100% agree. Having unencrypted private keys was one of the reasons
> that I have started looking into OTP/TOTP. At this point, I think it
> is probably better to force untrusted users (those who cannot be
> trusted to keep their private keys encrypted) to use TOTP with
> sufficiently long passwords (login_totp-and-pwd) and allow trusted
> users a bit more freedom.
[snip]

What level of encryption is deemed adequate nowadays?

Regards,
/Lars



Re: SSH public key auth vs OTP auth

2013-03-04 Thread Stuart Henderson
On 2013-03-04, Peter Bisroev pe...@int19h.net wrote:
> Hi All,
>
> Recently I had a chance to play with ./sysutils/login_oath and
> ./security/oath-toolkit ports maintained by Stuart Henderson. Both
> ports work fantastic, thanks Stuart!
>
> However I have a general question regarding various auth options with
> SSH (hopefully this list is OK for this discussion). There are obvious
> benefits to both public key and OTP authentication and they are very
> useful and unique in their own ways. But which one would you consider
> more secure?
>
> I am aware that more secure depends on the situation, such as whether
> the login is happening from a trusted terminal, how is the secret key
> stored on the device that is generating TOTP, is the public key
> encrypted, etc. But what are your thoughts in general?

I think it totally depends on the situation and can't really be applied
in general.. Either of them can be made to be unsafe.

> Would it make sense to have the ability to allow OpenSSH on OpenBSD to
> allow both public key and OTP to be used simultaneously (like RedHat's
> patch allows using RequiredAuthentications2 option to sshd_config)? Or
> does it make things needlessly complex?
>
> Thanks everyone!
> --peter



OpenSSH has this in -current, see sshd_config(5) AuthenticationMethods.