Mailinglist Archive: opensuse-security (138 mails)

Re: [suse-security] Openssh + security
  • From: Jaime Santos <jesantos@xxxxxxxxxxxxxxxxxxxx>
  • Date: Tue, 13 Dec 2005 13:56:17 +0100
  • Message-id: <439EC4F1.6080104@xxxxxxxxxxxxxxxxxxxx>
Hi Bruno,

Sorry, one thing I said is not correct. The server looks for a copy of
your public key in the file ~/.ssh/authorized_keys. You copy your file
id_dsa.pub or id_rsa.pub into there when you create a new key. Such a
file can contain several different public keys, and the possession of
any of the corresponding private keys will allow a user to log in using
challenge-response. Obviously, it is questionable why one should possess
more than one different key. They should be protected by different
passphrases, otherwise there is no increased security, but then you have
to manage those different passphrases. Moreover, you can have different
copies of the same key protected by different passphrases. Suppose you
want to log in automatically from a very secure machine. You change the
passphrase of the resident private key to none on that machine. However,
the copy of the key you carry on your laptop or diskette or USB stick
should still be protected by a strong passphrase.

Hope this helps. Best, Jaime.
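
An added example, not part of the original message: because every distinct public key in ~/.ssh/authorized_keys lets the holder of the matching private key log in, this Python audit lists the distinct keys in such a file by fingerprint (the SHA256 form that `ssh-keygen -l` prints). The function names are hypothetical and the sample entries are constructed, with key bytes that are hashes rather than real keys.

```python
import base64, hashlib

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256"}

def split_fields(line):
    """Split on whitespace, but not inside double-quoted option values."""
    fields, cur, quoted = [], "", False
    for ch in line.strip():
        if ch == '"':
            quoted = not quoted
        if ch.isspace() and not quoted:
            if cur:
                fields.append(cur)
            cur = ""
        else:
            cur += ch
    return fields + [cur] if cur else fields

def parse_entry(line):
    """Return (fingerprint, key type, options, comment); None for blank/comment lines."""
    f = split_fields(line)
    if not f or f[0].startswith("#"):
        return None
    i = 0 if f[0] in KEY_TYPES else 1      # an options field may precede the key type
    if len(f) < i + 2 or f[i] not in KEY_TYPES:
        raise ValueError("not a public key entry: " + line)
    blob = base64.b64decode(f[i + 1], validate=True)
    n = int.from_bytes(blob[:4], "big")    # blob starts with its own length-prefixed type
    if blob[4:4 + n] != f[i].encode():
        raise ValueError("key type does not match key blob: " + line)
    digest = hashlib.sha256(blob).digest()
    fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return fp, f[i], f[0] if i else "", " ".join(f[i + 2:])

def distinct_keys(text):
    """Map fingerprint -> comments of every line that carries that public key."""
    keys = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry:
            keys.setdefault(entry[0], []).append(entry[3])
    return keys

def _sample_line(seed, comment, options=""):
    """Constructed sample entry: the 32 key bytes are a hash, not a real key."""
    t, k = b"ssh-ed25519", hashlib.sha256(seed).digest()
    blob = len(t).to_bytes(4, "big") + t + len(k).to_bytes(4, "big") + k
    return f"{options} ssh-ed25519 {base64.b64encode(blob).decode()} {comment}".strip()

SAMPLE = "\n".join(["# constructed authorized_keys content",
    _sample_line(b"A", "user@laptop"),
    _sample_line(b"B", "user@workstation", 'from="192.0.2.10",command="echo hi there"'),
    _sample_line(b"A", "user@usb-stick")])
```

Calling `distinct_keys(SAMPLE)` reports two fingerprints for three entries: copies of one private key stored under different passphrases share a single public key, so a passphrase change never shows up in authorized_keys.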