Re: [LUG] OpenSSH Authentication

 

On Mon, 5 Feb 2007 13:39:28 +0000
David Johnson <dj@xxxxxxxxxxxxxxx> wrote:

> Hi all,
>
> Until recently my Internet-accessible server was running OpenSSH using
> password-based authentication so that I could easily access it remotely.

Set a strong passphrase on your SSH private key, copy the public key to
each server and be done with password authentication. You then only
have to enter the SSH passphrase which is no different to entering a
login passphrase in terms of keystrokes, with the advantage that SSH
passphrase agents exist that can cache the passphrase and the
passphrase itself never leaves your current machine.

> I've known for some time that this wasn't a terribly good idea and have
> finally switched to using public-key authentication. However, I'd like to set
> it up so that clients coming from the Internet must use public-key, while
> clients on my LAN can use password-based authentication.

What's the point? With an SSH passphrase cache, the effect is the same.
Use the same SSH key for local and remote connections, then one
passphrase cache allows connection to all systems.


--


Neil Williams
=============
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/
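
An added example, not part of the original message and not OpenSSH's own code: a small Python check of which source addresses an sshd_config still offers password authentication to. It covers both the keys-only setup recommended in the reply and the LAN/Internet split asked about in the quoted question. The sample configuration, the addresses and the function names are constructed for illustration, and only `Match all` and `Match Address` with plain addresses or CIDR ranges are evaluated.

```python
import ipaddress

# Constructed sample sshd_config: keys only from the Internet, passwords on the LAN.
SAMPLE_CONFIG = """\
# Global section applies to every connection unless a Match block overrides it.
PubkeyAuthentication yes
PasswordAuthentication no

Match Address 192.168.0.0/16,10.0.0.0/8
    PasswordAuthentication yes
"""

def _address_matches(patterns, client_ip):
    """True if client_ip falls inside any comma-separated address/CIDR pattern."""
    ip = ipaddress.ip_address(client_ip)
    for pat in patterns.split(","):
        if pat.startswith("!") or "*" in pat or "?" in pat:
            raise ValueError("negated/wildcard patterns not handled: " + pat)
        net = ipaddress.ip_network(pat, strict=False)
        if ip.version == net.version and ip in net:
            return True
    return False

def password_auth_allowed(config_text, client_ip):
    """Effective PasswordAuthentication for a connection from client_ip."""
    global_value = match_value = None  # first value seen in each scope wins
    in_match = block_applies = False
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        keyword = parts[0].lower()
        args = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            in_match, crit = True, args.split()
            if len(crit) == 1 and crit[0].lower() == "all":
                block_applies = True
            elif len(crit) == 2 and crit[0].lower() == "address":
                block_applies = _address_matches(crit[1], client_ip)
            else:
                raise ValueError("Match criteria not handled: " + args)
        elif keyword == "passwordauthentication":
            value = args.lower() == "yes"
            if not in_match and global_value is None:
                global_value = value
            elif in_match and block_applies and match_value is None:
                match_value = value
    chosen = match_value if match_value is not None else global_value
    return True if chosen is None else chosen  # sshd default is "yes"
```

Keyboard-interactive authentication is a separate sshd_config setting and is not evaluated by this check.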


-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html