[PLUG] SSH Experts Here?

Elliott Mitchell ehem at m5p.com
Wed Dec 6 03:17:51 UTC 2006


>From: Rich Shepard <rshepard at appl-ecosys.com>
>    Locally, using only a password is fine; we're behind the firewall and
> communications is among local hosts. But, when I'm away from the office I'd
> feel more comfortable typing my passphrase for access, especially on a
> wireless public network (or, public wireless network).

As long as you check host keys, there isn't really any practical
difference. Your target machine will have the password, if it is
compromised, an attacker *will* get your password (when you log onto the
console if nothing else). Pass-phrases are really most important when
you're going unencrypted through somewhere, either an intermediate sshd
host, or through wireless without encryption.

>    If you folks who deal with security have suggestions on how to debug this
> situation, please let me know.

The logs have already been suggested. `ssh -v` is a tremendous source of
information, in the worst case stopping `sshd` and then running `sshd -d`
is another source of information (remember to fully restart sshd when
done!).


-- 
(\___(\___(\______          --=> 8-) EHM <=--          ______/)___/)___/)
 \BS (    |         EHeM at gremlin.m5p.com PGP 8881EF59         |    )   /
  \_CS\   |  _____  -O #include <stddisclaimer.h> O-   _____  |   /  _/
    \___\_|_/82 04 A1 3C C7 B1 37 2A*E3 6E 84 DA 97 4C 40 E6\_|_/___/





More information about the PLUG mailing list