Re[2]: [SAGE] The danger of SSH keys..
DP == Dustin Puryear <dustin@puryear-it.com>
DP> A key difference here is that with a system password, I can at least
DP> force the user to set a password rather than leaving it blank. I can
DP> also require a minimum strength. With SSH keys, I can't do *any* of
DP> that.

Well, but the danger of a blank or short password is much higher than the
danger of a blank or short passphrase on an SSH key, in that someone could
very reasonably brute-force their way into an account with a blank or
short password, whereas they have to actually get their hands on the key
in order to take advantage of its poor passphrase.

If someone set a blank password, and you didn't prevent it, I'd almost be
surprised if their account *didn't* get hacked; or to put it another way,
if their account did get hacked, I'd say "oh, they had a blank password,
well, that explains it". If someone sets up an SSH key with a blank
passphrase, and then gets hacked, I'd want to do a lot more investigation
into what happened. In particular, if someone had sufficient access to the
user's client system to steal the key, they might well have had sufficient
access to steal a passphrase too, and that'd be important to discover.

-Josh (irilyth@infersys.com)
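Added example, not part of Dustin's or Josh's messages: the thread's point is that an admin cannot force a passphrase onto an SSH key the way a password policy forces a password, but where the admin can read the key files (shared NFS home directories, a bastion host, a backup of a workstation) it is at least possible to audit for keys stored with no passphrase. The script below classifies a private key file as encrypted or not without needing the passphrase: for the current openssh-key-v1 format it decodes the armored blob and reads the cipher and KDF names from the header (cipher "none" means no passphrase); for legacy PEM keys it looks for the "Proc-Type: 4,ENCRYPTED" header. The key blobs used as sample input are constructed inline with dummy key material, so they parse but are not real keys.

```python
"""Audit OpenSSH private key files for missing passphrases (added example)."""
import base64
import struct
import sys
from typing import Dict, Iterable

OPENSSH_MAGIC = b"openssh-key-v1\x00"
LEGACY_PEM_HEADERS = (
    "-----BEGIN RSA PRIVATE KEY-----",
    "-----BEGIN DSA PRIVATE KEY-----",
    "-----BEGIN EC PRIVATE KEY-----",
    "-----BEGIN PRIVATE KEY-----",
)


def _read_string(buf: bytes, off: int):
    """Read one SSH wire 'string' (uint32 length + bytes) at offset."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    return buf[off:off + n], off + n


def parse_openssh_header(blob: bytes) -> Dict[str, object]:
    """Return cipher/kdf/key-count from an openssh-key-v1 blob.

    Layout: magic, string ciphername, string kdfname, string kdfoptions,
    uint32 nkeys, then public keys and the (possibly encrypted) private part.
    """
    if not blob.startswith(OPENSSH_MAGIC):
        raise ValueError("not an openssh-key-v1 blob")
    off = len(OPENSSH_MAGIC)
    cipher, off = _read_string(blob, off)
    kdf, off = _read_string(blob, off)
    kdfopts, off = _read_string(blob, off)
    (nkeys,) = struct.unpack_from(">I", blob, off)
    return {"cipher": cipher.decode(), "kdf": kdf.decode(),
            "kdf_options_len": len(kdfopts), "keys": nkeys}


def classify_private_key(text: str) -> str:
    """Classify a private key file's contents as encrypted or unencrypted."""
    lines = [l.strip() for l in text.strip().splitlines() if l.strip()]
    if not lines:
        raise ValueError("empty key file")
    header = lines[0]
    if header == "-----BEGIN OPENSSH PRIVATE KEY-----":
        body = "".join(l for l in lines[1:] if not l.startswith("-----"))
        hdr = parse_openssh_header(base64.b64decode(body))
        if hdr["cipher"] == "none":
            return "unencrypted (openssh-key-v1)"
        return f"encrypted ({hdr['cipher']}, kdf={hdr['kdf']})"
    if header == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
        return "encrypted (PKCS#8)"
    if header in LEGACY_PEM_HEADERS:
        # Legacy PEM keys carry the encryption marker in the first headers.
        if any(l.startswith("Proc-Type: 4,ENCRYPTED") for l in lines[1:4]):
            return "encrypted (PEM, legacy)"
        return "unencrypted (PEM, legacy)"
    return "unknown format"


def audit_files(paths: Iterable[str]) -> Dict[str, str]:
    """Map each path to its classification (or the read/parse error)."""
    results = {}
    for p in paths:
        try:
            with open(p, "r", encoding="ascii", errors="replace") as f:
                results[p] = classify_private_key(f.read())
        except (OSError, ValueError) as e:
            results[p] = f"error: {e}"
    return results


# ---- constructed sample input (dummy key material, not real keys) ----
def _ssh_string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b


def build_openssh_blob(cipher: bytes, kdf: bytes, kdfopts: bytes = b"") -> bytes:
    """Build a structurally valid openssh-key-v1 blob with placeholder keys."""
    return (OPENSSH_MAGIC + _ssh_string(cipher) + _ssh_string(kdf)
            + _ssh_string(kdfopts) + struct.pack(">I", 1)
            + _ssh_string(b"\x00" * 16) + _ssh_string(b"\x00" * 32))


def armor_openssh(blob: bytes) -> str:
    b64 = base64.b64encode(blob).decode()
    body = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + body
            + "\n-----END OPENSSH PRIVATE KEY-----\n")


SAMPLE_UNENCRYPTED = armor_openssh(build_openssh_blob(b"none", b"none"))
# Real ssh-keygen uses bcrypt with options = string salt + uint32 rounds.
SAMPLE_ENCRYPTED = armor_openssh(build_openssh_blob(
    b"aes256-ctr", b"bcrypt", _ssh_string(b"\x11" * 16) + struct.pack(">I", 16)))
SAMPLE_LEGACY_ENCRYPTED = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\n"
    "QUJDREVGR0g=\n"
    "-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for path, verdict in audit_files(sys.argv[1:]).items():
        print(f"{verdict:40s} {path}")
```

Run it as `python audit_keys.py /home/*/.ssh/id_*` (a hypothetical file name) and grep the output for "unencrypted". The same check can be done per file with OpenSSH itself: `ssh-keygen -y -P "" -f id_rsa` succeeds only when the key has no passphrase. Neither check helps with the attribution question in Josh's last paragraph; it only tells you which stolen keys would be usable immediately.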