• Thoughts on Public Key versus Password authentication

    From Chris Green@21:1/5 to All on Thu Sep 17 09:44:56 2020
    All these recent questions about connecting from a laptop to a home
    (desktop) machine bring me back to my original reasons for using
    password authentication rather than Public Key authentication.

    My original (and still valid) reasoning was as follows:-

    Password authentication will *always* ask for the password, there's no
    equivalent of a key agent. So, if I leave my laptop lying around and
    turned on (I often do), as long as I log out from the connections to
    the home desktop machine someone else can't access my home desktop
    unless they know the password.

    Public Key authentication doesn't (by default, using an agent) provide
    this security, once the key passphrase has been entered anyone with
    access to my laptop can connect to my home machine.

    Yes, there are ways to reduce the risk with Public Key authentication
    but I don't see any major advantages in the underlying security so
    what's to be gained.

    A remote user (i.e. someone at my laptop) can't brute force the
    password as the increasing delays on entering an incorrect password
    prevent this. So, if the password is sensibly secure, I see no major
    security problem.

    Unauthorised access to my desktop machine is far more likely to be due
    to overlooking some obvious 'design' fault than to someone breaking my
    password IMHO.

    Thoughts anyone, am I missing anything obvious (quite likely!)?

    --
    Chris Green

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Richard Kettlewell@21:1/5 to Chris Green on Thu Sep 17 15:09:29 2020
    Chris Green <cl@isbd.net> writes:
    > All these recent questions about connecting from a laptop to a home
    > (desktop) machine bring me back to my original reasons for using
    > password authentication rather than Public Key authentication.
    >
    > My original (and still valid) reasoning was as follows:-
    >
    > Password authentication will *always* ask for the password, there's no
    > equivalent of a key agent. So, if I leave my laptop lying around and
    > turned on (I often do), as long as I log out from the connections to
    > the home desktop machine someone else can't access my home desktop
    > unless they know the password.
    >
    > Public Key authentication doesn't (by default, using an agent) provide
    > this security, once the key passphrase has been entered anyone with
    > access to my laptop can connect to my home machine.
    >
    > Yes, there are ways to reduce the risk with Public Key authentication
    > but I don't see any major advantages in the underlying security so
    > what's to be gained.
    >
    > A remote user (i.e. someone at my laptop) can't brute force the
    > password as the increasing delays on entering an incorrect password
    > prevent this. So, if the password is sensibly secure, I see no major
    > security problem.
    >
    > Unauthorised access to my desktop machine is far more likely to be due
    > to overlooking some obvious 'design' fault than to someone breaking my
    > password IMHO.
    >
    > Thoughts anyone, am I missing anything obvious (quite likely!)?

    I think your threat model here is someone entering commands on a
    computer that you’ve temporarily left unattended. If so then the thing
    you’ve missed is that the attacker can install a keylogger and capture
    your password next time you use it.

    That threat applies to password-protected keys as well, of course; at
    best it may take a little longer since you may type that passphrase less
    often.

    --
    https://www.greenend.org.uk/rjk/

  • From Chris Green@21:1/5 to Richard Kettlewell on Thu Sep 17 16:04:14 2020
    Richard Kettlewell <invalid@invalid.invalid> wrote:
    > Chris Green <cl@isbd.net> writes:
    >> All these recent questions about connecting from a laptop to a home
    >> (desktop) machine bring me back to my original reasons for using
    >> password authentication rather than Public Key authentication.
    >>
    >> My original (and still valid) reasoning was as follows:-
    >>
    >> Password authentication will *always* ask for the password, there's no
    >> equivalent of a key agent. So, if I leave my laptop lying around and
    >> turned on (I often do), as long as I log out from the connections to
    >> the home desktop machine someone else can't access my home desktop
    >> unless they know the password.
    >>
    >> Public Key authentication doesn't (by default, using an agent) provide
    >> this security, once the key passphrase has been entered anyone with
    >> access to my laptop can connect to my home machine.
    >>
    >> Yes, there are ways to reduce the risk with Public Key authentication
    >> but I don't see any major advantages in the underlying security so
    >> what's to be gained.
    >>
    >> A remote user (i.e. someone at my laptop) can't brute force the
    >> password as the increasing delays on entering an incorrect password
    >> prevent this. So, if the password is sensibly secure, I see no major
    >> security problem.
    >>
    >> Unauthorised access to my desktop machine is far more likely to be due
    >> to overlooking some obvious 'design' fault than to someone breaking my
    >> password IMHO.
    >>
    >> Thoughts anyone, am I missing anything obvious (quite likely!)?
    >
    > I think your threat model here is someone entering commands on a
    > computer that you’ve temporarily left unattended. If so then the thing
    > you’ve missed is that the attacker can install a keylogger and capture
    > your password next time you use it.
    >
    > That threat applies to password-protected keys as well, of course; at
    > best it may take a little longer since you may type that passphrase less
    > often.

    Good point, though it's fairly unlikely isn't it? The intruder has to
    find my computer unattended and happens to have a Linux aware key
    logger available (presumably on a stick) and the means to install it.
    However I guess people who are likely to have that sort of thing will
    also have them on an 'easy to install quickly' medium of some sort.

    Thanks for that though, it's in the "missing anything obvious" line of
    things! No matter how secure your password/passphrase is a key-logger
    will reveal it.

    --
    Chris Green
  • From Richard Kettlewell@21:1/5 to Chris Green on Thu Sep 17 21:44:56 2020
    Chris Green <cl@isbd.net> writes:
    > Richard Kettlewell <invalid@invalid.invalid> wrote:
    >> I think your threat model here is someone entering commands on a
    >> computer that you’ve temporarily left unattended. If so then the thing
    >> you’ve missed is that the attacker can install a keylogger and capture
    >> your password next time you use it.
    >>
    >> That threat applies to password-protected keys as well, of course; at
    >> best it may take a little longer since you may type that passphrase less
    >> often.
    >
    > Good point, though it's fairly unlikely isn't it? The intruder has to
    > find my computer unattended and happens to have a Linux aware key
    > logger available (presumably on a stick) and the means to install it.
    > However I guess people who are likely to have that sort of thing will
    > also have them on an 'easy to install quickly' medium of some sort.

    It doesn’t need to be any more complex than:
    curl some.url | bash

    --
    https://www.greenend.org.uk/rjk/

  • From Chris Green@21:1/5 to Richard Kettlewell on Fri Sep 18 09:14:08 2020
    Richard Kettlewell <invalid@invalid.invalid> wrote:
    > Chris Green <cl@isbd.net> writes:
    >> Richard Kettlewell <invalid@invalid.invalid> wrote:
    >>> I think your threat model here is someone entering commands on a
    >>> computer that you’ve temporarily left unattended. If so then the thing
    >>> you’ve missed is that the attacker can install a keylogger and capture
    >>> your password next time you use it.
    >>>
    >>> That threat applies to password-protected keys as well, of course; at
    >>> best it may take a little longer since you may type that passphrase less
    >>> often.
    >>
    >> Good point, though it's fairly unlikely isn't it? The intruder has to
    >> find my computer unattended and happens to have a Linux aware key
    >> logger available (presumably on a stick) and the means to install it.
    >> However I guess people who are likely to have that sort of thing will
    >> also have them on an 'easy to install quickly' medium of some sort.
    >
    > It doesn’t need to be any more complex than:
    > curl some.url | bash

    True. :-)

    --
    Chris Green
  • From Grant Taylor@21:1/5 to Chris Green on Fri Sep 18 09:43:24 2020
    On 9/17/20 2:44 AM, Chris Green wrote:
    > Public Key authentication doesn't (by default, using an agent) provide
    > this security, once the key passphrase has been entered anyone with
    > access to my laptop can connect to my home machine.

    I'm not quite sure how to unpack "by default, using an agent". Are you
    referring to the agent's default behavior or that you are using an agent
    by default?

    Have you looked at the "-t <seconds>" option to adding keys to the agent?

    My understanding is that you can make keys via agent behave as if they
    only exist in the agent for the specified number of seconds.

    This makes me think that if your keys had a passphrase on them and that
    the number of seconds since added had expired that you would be prompted
    for the passphrase for the key again.

    I think that you might be able to get the ssh agent to behave somewhat
    like sudo in that it remembers you for a specified amount of time.



    --
    Grant. . . .
    unix || die
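
The `-t <seconds>` lifetime discussed in the message above, as an added example that is not part of the thread: a throwaway key is loaded into a private agent with a lifetime, and `ssh-add -l` is checked before and after it expires. The function name, the `demo-key` comment and the empty passphrase are assumptions made so the demo runs without prompting.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): watch a key expire from ssh-agent.
# Runs in a subshell with a private agent, so your own agent is untouched.

demo_agent_lifetime() (
    lifetime="${1:-2}"              # seconds the key stays usable in the agent
    unset SSH_AUTH_SOCK SSH_AGENT_PID   # never touch the caller's agent
    tmp="$(mktemp -d)" || exit 1
    trap 'ssh-agent -k >/dev/null 2>&1; rm -rf "$tmp"' EXIT

    # Constructed throwaway key. The empty passphrase is an assumption made
    # only so the demo is non-interactive; a real key would prompt here.
    ssh-keygen -q -t ed25519 -N '' -C demo-key -f "$tmp/id_demo" || exit 1

    # Private agent on its own socket; sets SSH_AUTH_SOCK and SSH_AGENT_PID.
    eval "$(ssh-agent -s -a "$tmp/agent.sock")" >/dev/null || exit 1

    # Load the key with a lifetime, as in: ssh-add -t <seconds> <keyfile>
    ssh-add -t "$lifetime" "$tmp/id_demo" >/dev/null 2>&1 || exit 1
    before="$(ssh-add -l 2>/dev/null | grep -c demo-key || true)"

    # After expiry the agent drops the key; the next use needs ssh-add again,
    # which is where the passphrase prompt comes back.
    sleep "$((lifetime + 1))"
    after="$(ssh-add -l 2>/dev/null | grep -c demo-key || true)"

    echo "loaded_before=$before loaded_after=$after"
)

# Usage: demo_agent_lifetime 2   ->  loaded_before=1 loaded_after=0
```

While the lifetime is running, anything with access to the agent socket can use the key, which is the window the thread is arguing about.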

  • From Chris Green@21:1/5 to Grant Taylor on Fri Sep 18 18:58:41 2020
    Grant Taylor <gtaylor@tnetconsulting.net> wrote:
    > On 9/17/20 2:44 AM, Chris Green wrote:
    >> Public Key authentication doesn't (by default, using an agent) provide
    >> this security, once the key passphrase has been entered anyone with
    >> access to my laptop can connect to my home machine.
    >
    > I'm not quite sure how to unpack "by default, using an agent". Are you
    > referring to the agent's default behavior or that you are using an agent
    > by default?
    >
    > Have you looked at the "-t <seconds>" option to adding keys to the agent?
    >
    > My understanding is that you can make keys via agent behave as if they
    > only exist in the agent for the specified number of seconds.
    >
    > This makes me think that if your keys had a passphrase on them and that
    > the number of seconds since added had expired that you would be prompted
    > for the passphrase for the key again.
    >
    > I think that you might be able to get the ssh agent to behave somewhat
    > like sudo in that it remembers you for a specified amount of time.

    Yes, you can do that, but it only gets you back to the same place as
    password authentication gets you to by default.

    --
    Chris Green
  • From Grant Taylor@21:1/5 to Chris Green on Fri Sep 18 14:35:39 2020
    On 9/18/20 11:58 AM, Chris Green wrote:
    > Yes, you can do that, but it only gets you back to the same place as
    > password authentication gets you to by default.

    It's not quite the same place.

    You can use the key for multiple connections for the key's lifetime.

    So if you set the lifetime to be 15 seconds, then any background use,
    e.g. ProxyJump, will benefit from it.



    --
    Grant. . . .
    unix || die

  • From Chris Green@21:1/5 to Grant Taylor on Sat Sep 19 10:23:01 2020
    Grant Taylor <gtaylor@tnetconsulting.net> wrote:
    > On 9/18/20 11:58 AM, Chris Green wrote:
    >> Yes, you can do that, but it only gets you back to the same place as
    >> password authentication gets you to by default.
    >
    > It's not quite the same place.
    >
    > You can use the key for multiple connections for the key's lifetime.
    >
    > So if you set the lifetime to be 15 seconds, then any background use,
    > e.g. ProxyJump, will benefit from it.

    Yes, but that effectively reduces security still - when I used password
    authentication the proxy machine had a different password so an
    intruder had to know two passwords.

    I could, of course, implement the same with Public Key but that
    removes the 'advantage' you offer above. :-)

    --
    Chris Green