Heterogeneous File Sharing Recommendations?
charlescurley at charlescurley.com
Tue Feb 2 21:28:23 MST 2010
On Tue, 2 Feb 2010 23:09:14 -0500 (EST)
Jon Jensen <jon at endpoint.com> wrote:
> On Tue, 2 Feb 2010, Charles Curley wrote:
> > Setting up public key auth is as simple as getting the users'
> > public keys onto the servers so they can log in, and verifying the
> > correct permissions. One public key per user you expect them to use.
> > Using passwords means the passwords are sent over the net using
> > weak or no encryption.
> Is that true? I don't think it is, for ssh. Passwords are always sent
> over the ssh tunnel using the same strong encryption that's used for
> the rest of the ssh conversation. They are as secure against
> 3rd-party snooping as anything else about the ssh session.
You are correct, thank you. I spoke from old or incorrect information.
> The weakness with password authentication is that the server
> receiving the password can be modified to store the plaintext
> password, which if it was used for other accounts or servers, can be
> used to login elsewhere without authorization. Public-key
> cryptography avoids this weakness. Passwords are also much more
> likely to be guessed in a brute-force attack than ssh secret keys
> (aside from the Debian OpenSSL fiasco of 2008!). But the passwords
> are safe enough during transit.
Charles Curley /"\ ASCII Ribbon Campaign
Looking for fine software \ / Respect for open standards
and/or writing? X No HTML/RTF in email
http://www.charlescurley.com / \ No M$ Word docs in email
Key fingerprint = CE5C 6645 A45A 64E4 94C0 809C FFF6 4C48 4ECD DFDB
More information about the PLUG