From: Patrick
To: freebsd-questions@freebsd.org
Date: Mon, 21 Nov 2011 15:10:00 -0800
Subject: Re: Whats the difference between password+RSA, and password-protected RSA ?

In the case of a passphrase-protected RSA key, the server knows
nothing about it, so you would never be able to enforce that. It's on
the client side that the key is decrypted with the passphrase before
submitting it to the server.

Patrick

On Mon, Nov 21, 2011 at 1:19 PM, Mm Bsd wrote:
> Let's say I'd like to add a small amount of extra security to my SSH login process.
>
> Let's say I decide the way I want to do this is by requiring BOTH a password and an RSA key. There appear to be patches, or procedures, that allow me to do this. So to log in, I would be required to enter a normal unix password, but I would ALSO be required to hold a proper RSA public key.
>
> My question is this:
>
> In terms of security (and correctness ?) what's the difference between this (unix password + SSH RSA key) and simply generating my RSA key *with* a password ? Both ways require me to "have something" and "know something", but they are obviously different, technically.
>
> Comments on the difference, and relative security of the two methods ?
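
Added example, not part of the original thread: a shell check that adding a passphrase to an RSA private key changes only the client-side file, while the public key the server would store in authorized_keys stays byte-identical, which is why the server has nothing to enforce. The file name, key comment and passphrase are constructed for the demonstration; it assumes OpenSSH's ssh-keygen is installed.

```shell
#!/bin/sh
# Added example (not from the thread). The key path, comment and passphrase
# below are constructed values; requires OpenSSH's ssh-keygen.

# Print "type base64-blob" of the public key derived from a private key file.
# $1 = private key path, $2 = passphrase ('' for an unencrypted key).
derive_pub() {
    ssh-keygen -y -P "$2" -f "$1" | cut -d' ' -f1,2
}

# Return 0 if encrypting the private key leaves the server-side material
# (the public key) unchanged while the private key file itself changes.
passphrase_is_client_side_only() {
    dir=$(mktemp -d) || return 2
    key="$dir/id_rsa_demo"

    # 1. Generate an RSA key pair with no passphrase.
    ssh-keygen -q -t rsa -b 2048 -N '' -C demo -f "$key" >/dev/null || return 2
    pub_before=$(derive_pub "$key" '')
    pubfile_before=$(cksum < "$key.pub")
    priv_before=$(cksum < "$key")

    # 2. Encrypt the private key with a passphrase. This is a purely local
    #    operation; nothing is sent to or stored on any server.
    ssh-keygen -q -p -P '' -N 'constructed-passphrase' -f "$key" >/dev/null || return 2
    pub_after=$(derive_pub "$key" 'constructed-passphrase')
    pubfile_after=$(cksum < "$key.pub")
    priv_after=$(cksum < "$key")

    rm -rf "$dir"

    # The private key file on the client changed ...
    [ "$priv_before" != "$priv_after" ] || return 1
    # ... the .pub file (what goes into authorized_keys) did not ...
    [ "$pubfile_before" = "$pubfile_after" ] || return 1
    # ... and the key derived from the encrypted file is the same public key.
    [ -n "$pub_before" ] && [ "$pub_before" = "$pub_after" ]
}

if passphrase_is_client_side_only; then
    echo "public key unchanged: the server cannot tell whether a passphrase is set"
else
    echo "check failed (is ssh-keygen installed?)"
fi
```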