Is this second solution a good solution, or does it bring other security problems?

The solution with the keys is less secure than the one with passwords, of course. If computer A connects to computer B via SSH, and there exists a pair of keys so that you don't have to enter the password, then a hacker who logged into computer A also has free access to computer B (crack one, access two). If there's no real need for a pair of keys (e.g. if a cron job copies files from A to B), then you shouldn't use that.
--> But if computer A is not hacked, it is easier to brute-force crack machine B when "only" guessing a password than if the attacker has to guess a 2048-bit private key. So as suggested before, if you are worried about the security of the private keys, create them with a password.
Key exchange works in such a way that the connected PC has its own randomly built key. With the copied key he/she cannot do anything, unless the key is not encrypted with any password. 2048 bit is secure, but it needs more CPU time to decode any transmissions. With this, your bandwidth with SSH is smaller. The only way to get in is to steal both keys by hacking one of your clients. Then he/she can fake the IP/hostname and can log in, but there is a 1:1.000.000 chance that this will happen. Another method is to sniff your network with tools like dsniff (even gets secure connections somehow). All that hacking stuff is quite too much to do. Normally you will be safe if there is no cron job that is done several times by key-exchange authentication.

If you want extra security, change the allowed hosts in /etc/hosts.allow to only allow a range of hosts/IPs to connect. See tcpd(8) and hosts_access(5) for a description of /etc/hosts.allow. Don't use a key without a passphrase or anyone who has your key can log in from everywhere!

The key exchange works fine for me to shut down a server over SSH from the script started by a UPS. Therefore I don't need a second serial module for my UPS. This is only done if we get a total power outage (we have had that only once so far).

Philippe