From owner-freebsd-questions@FreeBSD.ORG Tue Nov 22 04:37:39 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CEE08106564A for ; Tue, 22 Nov 2011 04:37:39 +0000 (UTC) (envelope-from perryh@pluto.rain.com) Received: from agora.rdrop.com (unknown [IPv6:2607:f678:1010::34]) by mx1.freebsd.org (Postfix) with ESMTP id 94AF18FC12 for ; Tue, 22 Nov 2011 04:37:39 +0000 (UTC) Received: from agora.rdrop.com (66@localhost [127.0.0.1]) by agora.rdrop.com (8.13.1/8.12.7) with ESMTP id pAM4bcEc057069 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Mon, 21 Nov 2011 20:37:38 -0800 (PST) (envelope-from perryh@pluto.rain.com) Received: (from uucp@localhost) by agora.rdrop.com (8.13.1/8.12.9/Submit) with UUCP id pAM4bcvu057068; Mon, 21 Nov 2011 20:37:38 -0800 (PST) Received: from fbsd81 ([192.168.200.81]) by pluto.rain.com (4.1/SMI-4.1-pluto-M2060407) id AA10699; Mon, 21 Nov 11 20:34:35 PST Date: Tue, 22 Nov 2011 03:34:13 -0800 From: perryh@pluto.rain.com To: mmbsd1982@yahoo.com Message-Id: <4ecb88b5.qe8ftxOGspcS5omM%perryh@pluto.rain.com> References: <1321910341.33510.YahooMailClassic@web124703.mail.ne1.yahoo.com> In-Reply-To: <1321910341.33510.YahooMailClassic@web124703.mail.ne1.yahoo.com> User-Agent: nail 11.25 7/29/05 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org Subject: Re: Whats the difference between password+RSA, and password-protected RSA ? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Nov 2011 04:37:39 -0000 Mm Bsd wrote: > Let's say I'd like to add a small amount of extra security to my > SSH login process. > > Let's say I decide the way I want to do this is by requiring > BOTH a password and an RSA key ... So to log in, I would be > required to enter a normal unix password, but I would ALSO be > required to hold a proper RSA public key. > > My question is this: > > In terms of security (and correctness ?) what's the difference > between this (unix password + SSH RSA key) and simply generating > my RSA key *with* a password ? Both ways require me to "have > something" and "know something", but they are obviously different, > technically. Suppose you are a bank branch manager, and consider your RSA key as the combination to the vault. (Also suppose that you are the only person authorized to open the vault, and that the combination is complicated enough that you can't just remember it -- it has to be written down.) Normal file security (chmod 400) is like storing the paper, on which the combination is written, inside your locked (personal) office. Someone other than you, e.g. the janitor, may have a key to your office. Protecting the RSA key with a password is like locking the paper in your desk (which is in your locked office). Only you have a key to the desk. Requiring a login password in addition to the RSA key is like adding a second, interior door -- to which you have the only key -- to the vault. That second door is nowhere near as strong as the main vault door, but it does provide some additional protection. There's no reason in principle why you can't protect your RSA key with a password, and also require a (different) password for login in addidion to the RSA key.