[opensuse] private key/ public key over ssh vs just using a password
Hello, Just had an interesting argument concerning the security of using a private key / public key combination over ssh and no password vs simply using a username and password over ssh (or sFTP) and accepting the RSA key fingerprint of the host. Anyone have any hard facts (sources) on which is more secure or are both equally secure and why? Many thanks, James -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James D. Parra wrote:
Hello,
Just had an interesting argument concerning the security of using a private key / public key combination over ssh and no password vs simply using a username and password over ssh (or sFTP) and accepting the RSA key fingerprint of the host.
Anyone have any hard facts (sources) on which is more secure or are both equally secure and why?
Many thanks,
James
The RSA key from the host only verifies the host. The idea with the private/public key is that it's a lot harder to break than an ID password. An ID may already be known and a password will likely be much shorter than the key and subject to various attacks, such as dictionary and social engineering. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (2)
-
James D. Parra
-
James Knott