Date: Sat, 20 Mar 2010 12:14:17 -0400
From: Jerry
To: freebsd-questions@freebsd.org
Subject: Re: securing sshd
Message-ID: <20100320121417.67724938@scorpio.seibercom.net>
In-Reply-To: <4BA4EA8C.3090702@locolomo.org>

On Sat, 20 Mar 2010 16:32:28 +0100
Erik Norgaard articulated:

> > * Disabled password logins completely, and to only allow public key
> >   authentication
>
> This seems good for security, but not always practical. Now you have
> to walk around with a USB or have keys on your laptop and if you
> lose the USB or the laptop gets stolen you can't get access. Worse,
> you can't revoke the keys till you get back home.

Worse yet, if you get shot and killed you won't be able to access your
data no matter how hard you try. Seriously, disabling password log-ins
and using key authentication is extremely secure. Do make sure that you
password protect your keys however. In any event, if your laptop or
whatever is stolen, you have more than just one problem to contend with
anyway.

-- 
Jerry
gesbbb@yahoo.com

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________

It's not whether you win or lose, it's how you place the blame.
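
Added example, not part of the message above and not code from the thread: a way to check the "password protect your keys" advice by reading a private key file's framing and reporting whether it is encrypted at rest. It goes beyond the message by covering the legacy PEM, PKCS#8 and openssh-key-v1 containers; the function names and the sample keys (framing only, no key material) are constructed for illustration.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"  # AUTH_MAGIC from OpenSSH's PROTOCOL.key

def _ssh_string(data):
    """Encode bytes as an SSH string: uint32 big-endian length + data."""
    return struct.pack(">I", len(data)) + data

def _read_string(buf, off):
    """Decode one SSH string at offset off; return (value, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated key blob")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def key_is_passphrase_protected(text):
    """True if the armoured private key in text is encrypted at rest."""
    lines = [l.strip() for l in text.strip().splitlines() if l.strip()]
    first = lines[0] if lines else ""
    if not (first.startswith("-----BEGIN ") and first.endswith(" PRIVATE KEY-----")):
        raise ValueError("not an armoured private key")
    label = first[len("-----BEGIN "):-len("-----")]
    if label == "OPENSSH PRIVATE KEY":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        cipher, _ = _read_string(blob, len(MAGIC))
        return cipher != b"none"          # ciphername "none" = stored in the clear
    if label == "ENCRYPTED PRIVATE KEY":  # PKCS#8, encrypted
        return True
    if label == "PRIVATE KEY":            # PKCS#8, unencrypted
        return False
    # Legacy PEM (RSA/DSA/EC): encrypted keys carry a Proc-Type header.
    return any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines[1:])

# Constructed samples: correct framing only, no real key material.
def _armour(label, body, headers=""):
    b64 = base64.b64encode(body).decode()
    return f"-----BEGIN {label}-----\n{headers}{b64}\n-----END {label}-----\n"

def _header(cipher, kdf):
    return MAGIC + _ssh_string(cipher) + _ssh_string(kdf) + _ssh_string(b"")

SAMPLE_PLAIN = _armour("OPENSSH PRIVATE KEY", _header(b"none", b"none"))
SAMPLE_ENCRYPTED = _armour("OPENSSH PRIVATE KEY", _header(b"aes256-ctr", b"bcrypt"))
SAMPLE_LEGACY = _armour("RSA PRIVATE KEY", b"\x00" * 16,
                        "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,00\n\n")
```

Run it over the contents of each file under ~/.ssh that starts with a BEGIN ... PRIVATE KEY line; any key reported as unprotected can be given a passphrase with ssh-keygen -p -f <keyfile>.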