Date: Fri, 27 Apr 2007 06:37:44 -0400
From: Bill Moran
To: Alex Zbyslaw
Cc: User Questions
Subject: Re: Defending against SSH attacks with pf
Message-Id: <20070427063744.7639d3e1.wmoran@potentialtech.com>

In response to Alex Zbyslaw:

> Bill Moran wrote:
>
> >I'm a big fan of PKI, but PKI suffers from one major problem, and it's
> >the same flaw that physical keys suffer from: you have to have the key
> >with you.
>
> If I had to use SSH from random locations, I'd get a USB stick that
> attached to a (physical) keyring and just stick it with my (physical)
> keys since I already have to carry those everywhere. The SSH keys
> should be protected by decent passphrases so even losing the USB stick
> isn't the biggest deal. Imation seem to make one that has one of those
> climbing-style buckles:
> http://www.misco.co.uk/applications/SearchTools/item-details.asp?EdpNo=247840&CatId=322

I've considered that, except that my keyring is already too damn big and
bulky.

I am curious about the durability of USB jump drives, though. My keys
tend to get thrown around, they get wet, they experience extremes in
temperature. Do you have any experience with how well jump drives hold
up to that kind of torture?

Despite the fact that it's a good idea, I've simply opted out on it.
I've got a good, long password for my account and when I weighed the
risks vs. the headaches I decided I was probably ok with a good long
password.

Of course, YMMV.

--
Bill Moran
http://www.potentialtech.com