[vox-tech] sshd_config and PasswordAuthentication

Micah J. Cowan micah at cowan.name
Fri Jul 22 15:04:46 PDT 2005


On Fri, Jul 22, 2005 at 12:02:41PM -0700, Karsten M. Self wrote:
> on Fri, Jul 22, 2005 at 10:01:32AM -0500, Jay Strauss (me at heyjay.com) wrote:
> > 
> > >No.
> > >
> > >The authentication is handled by SSH using the public/private keypair.
> > >The system password itself isn't involved in the authentication at all.
> > >
> > >It's possible to have users whose remote passwords are unknown or
> > >disabled by this method.  This is the case for a number of remote hosts
> > >I access regularly.
> > >
> > >
> > >Peace.
> > >
> > 
> > Karsten, I apologize, I didn't realize I hadn't responded.  Thanks for 
> > all the info.
> > 
> > I think you are talking about passwordless authentication, 
> 
> It's not "passwordless", which is a description of negation.  It is
> possible to set up accounts and SSH-keys without passwords or
> passphrases.  Naturally, this is highly insecure.

A small quibble: Using asymmetric key cryptography without passphrases
is not necessarily insecure. If the private key is secure, then a
passphrase is not useful. A private key is not really harder to secure
than a passphrase is, and if the private key is accessible to someone,
chances are pretty good that the passphrase can be as well.

Also, use of passphrase encryption on a more-or-less publicly
available private key means that the "weakest link" in the security
chain will be the weaker of (1) the asymmetric encryption algorithm and
(2) the symmetric encryption algorithm used to encrypt the private key
with the passphrase.

Of course, if the private key is truly private, then the passphrase does
no harm (other than the minor nuisance it presents to the owner), and
provides an extra level of protection in the case of *accidental*
compromise of the private key, for the paranoid (a generally good trait
to possess).

Nonetheless, it seems to me that calling the use of public-key
cryptography without passphrases "highly insecure" is a rather harsh
exaggeration.
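An added illustration, not part of Micah's message or of the thread: a small POSIX shell audit of the sshd_config keyword named in the subject line, showing how a config that appears to disable password logins can still allow them. It relies on OpenSSH's documented rule that the first value read for a keyword wins, and on its defaults of "yes" for PasswordAuthentication and ChallengeResponseAuthentication when they are absent. The two sample configs are constructed, and the choice to stop reading at the first Match block is this example's own simplification.

```shell
# Added example, not from the thread: audit an sshd_config for the
# PasswordAuthentication setting named in the subject line.
# sshd uses the FIRST value it reads for a keyword; a later repeat is
# ignored. Keywords are case-insensitive and "#" starts a comment.
# Simplification (assumption of this example): reading stops at the
# first "Match" block, whose settings apply only conditionally.

# effective_value CONFIG_TEXT KEYWORD -> first value found, or "unset"
effective_value() {
    key=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    printf '%s\n' "$1" | awk -v key="$key" '
        { sub(/#.*/, "") }                  # drop comments, re-split fields
        tolower($1) == "match" { exit }     # conditional section: stop
        tolower($1) == key { print $2; found = 1; exit }
        END { if (!found) print "unset" }   # END still runs after exit
    '
}

# audit_sshd_config CONFIG_TEXT -> "key-only" or "password-allowed"
# Both keywords default to "yes" in OpenSSH when absent.
audit_sshd_config() {
    pw=$(effective_value "$1" PasswordAuthentication)
    cr=$(effective_value "$1" ChallengeResponseAuthentication)
    [ "$pw" = unset ] && pw=yes
    [ "$cr" = unset ] && cr=yes
    if [ "$pw" = no ] && [ "$cr" = no ]; then
        echo key-only
    else
        echo password-allowed
    fi
}

# Constructed sample configs (not real host files).
# Weak: the first PasswordAuthentication line wins, so the later "no"
# is silently ignored and password logins remain possible.
WEAK_CFG='PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no'

# Hardened: only keypairs are accepted; the system password is never
# consulted, so accounts with locked or unknown passwords can still log in.
HARDENED_CFG='PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin prohibit-password'

echo "weak:     $(audit_sshd_config "$WEAK_CFG")"
echo "hardened: $(audit_sshd_config "$HARDENED_CFG")"
```

On a live host the authoritative check is `sshd -T`, which prints the configuration sshd actually resolved (including Match handling that this helper deliberately skips). Newer OpenSSH releases call the second keyword KbdInteractiveAuthentication and keep ChallengeResponseAuthentication as an alias, so either spelling may appear in a real file.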

