Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 20 Mar 2010 12:14:17 -0400
From:      Jerry <gesbbb@yahoo.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: securing sshd
Message-ID:  <20100320121417.67724938@scorpio.seibercom.net>
In-Reply-To: <4BA4EA8C.3090702@locolomo.org>
References:  <201003201318.o2KDIcIt001241@fix.fantomatic.co.uk> <4BA4EA8C.3090702@locolomo.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 20 Mar 2010 16:32:28 +0100
Erik Norgaard <norgaard@locolomo.org> articulated:

> > * Disabled password logins completely, and to only allow public key
> > authentication  
> 
> This seems good for security, but not always practical. Now you have
> to walk around with a USB or have keys on your laptop and if you
> loose the USB or the laptop gets stolen you can't get access. Worse,
> you can't revoke the keys till you get back home.

Worse yet, if you get shot and killed you won't be able to access your
data no matter how hard you try.

Seriously, disabling password log-ins and using key authentication is
extremely secure. Do make sure that you password protect your keys
however. In any event, if you laptop or whatever is stolen, you have
more than just one problem to contend with anyway.

-- 
Jerry
gesbbb@yahoo.com

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________

It's not whether you win or lose, it's how you place the blame.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100320121417.67724938>