-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rajko M. wrote:
On Friday 28 November 2008 07:33:01 am G T Smith wrote:
I would agree, that if you have a regular need for ssh access from an external location that this is the preferable authentication mechanism, though a slight case of overkill for a small home network for mainly internal use.
In any network it is more convenient to have keypair authentication, than to type passwords all the time. One time more work and then enjoy.
I would generally prefer the password protected key option (to use the key you have to authenticate with a password), which is same difference in the latter context. The thing about household or computer keys (like single socks, paper clips, and pens) is they can get lost, usually when you most need them :-) . If the wrong person gets the lost key then you could be toast if the key is not protected. For private use I tend to prefer password, entry plus blocks on external firewall as I have very little call for external ssh access at the moment. On the very rare occasions I think I will need it (once in the last 12 months or so), I set up the port to be opened at external firewall at a fixed time for a fixed time. (The key is in your head, and if you loose that you have other things to worry about :-) ). What I would like to do is fix up some sort of single sign on, so one authentication allows access networked resources at a network level, but unfortunately for *NIX this would be a major project (and getting this to work with ssh, cups, apache and samba etc could be a major pain). So one has one strong point of entry rather than several points of varying strength. If this requirement changes I will almost certainly implement something better, but until this happens I have other things to do. YMMV - -- ============================================================================== I have always wished that my computer would be as easy to use as my telephone. My wish has come true. I no longer know how to use my telephone. Bjarne Stroustrup ============================================================================== -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iEYEARECAAYFAkkxGdQACgkQasN0sSnLmgKHlgCgwPmUuebWg7FQtW9mjR3mVx2X s3oAoI7w8KwQFq6ETRoAun1rXUz9t2na =b/jh -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org