Re: [SAGE] The danger of SSH keys..
> Other than making a policy of "Put passwords on your SSH keys", how do you
> handle the danger of some users potentially not using passwords on their
> keys?
>
How do you handle the danger of people writing down those "secure"
passwords you enforce?
Unsigned keys, like passwords, depend on the user to maintain the security
of the access token. If you want something more secure, you need to look
at multiple factor systems, and/or certificate based mechanisms.
(Certificates, unlike "naked" keys, can enforce password protection. If
there's no password, don't sign the key at the CA.)
--
Howard Owen EGBOK Consultants | "Even if you are on the right
"I've had the initials longer" | track, you'll get run over if you
hbo@egbok.com +1-650-218-2216 | just sit there." - Will Rogers