[ale] Most Secure SSH

Michael D. Hirsch mhirsch at nubridges.com
Fri Aug 29 10:51:02 EDT 2003


On Thursday 28 August 2003 08:45 pm, David Corbin wrote:
> Currently I have a firewall.  I have it pretty well tightened down, but I
> do have SSH open, as I need to access my system(s) from the office.  I
> use an rsa key to access this, though I can access with just a
> password.
>
> Now, if I need to get to one of my systems that is behind the firewall,
> I can access them using ssh.  Currently, I do not have things set up
> so that the firewall can access internal systems with an rsa key.  I HAVE
> to use a password.  I do this, on the assumption that IF (when?) someone
> hacks the firewall, it will not be trivial to get to the protected
> systems.
>
> Is this reasonable? Am I missing something here? ASSUMING I pick good
> passwords, is it fair to say that password-based access is more secure
> than rsa keys?

Since most people use relatively insecure passwords, probably not.

What I would do is allow the firewall to pass on the RSA credentials.  Then 
allow login internally using an external SSH key.  You will then log in
from outside to your firewall, then from your firewall to your inside 
system.  But if someone breaks into the firewall some other way, they will 
have no special permission to get to your inside machines.

Michael
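
One way to set up what the reply above describes is OpenSSH agent forwarding, restricted to the firewall host. This is an added example, not part of the original message; the host names, user name and key path are assumptions.

```sshconfig
# ~/.ssh/config on the office machine, the only place the private key lives.
# Host names, user name and key path are assumed for illustration.

# Weak variant, shown for contrast: forwards the agent to every host
# you log in to, so any of them can use the key while you are connected.
# Host *
#     ForwardAgent yes

# Corrected variant: forward the agent to the firewall only.
Host firewall
    HostName firewall.example.org
    User user
    IdentityFile ~/.ssh/id_rsa
    IdentitiesOnly yes
    ForwardAgent yes

# Every other host: no forwarding.
Host *
    ForwardAgent no

# On each inside machine, ~/.ssh/authorized_keys holds the public half
# of the office key (id_rsa.pub). No private key is stored on the firewall.
#
# Session:
#   office$   ssh-add -c ~/.ssh/id_rsa   # -c: confirm each use of the key
#   office$   ssh firewall
#   firewall$ ssh inside.lan             # authenticated by the forwarded agent
```

While the session to the firewall is open, root on the firewall can reach the forwarded agent socket, which is why the key is loaded with `ssh-add -c`.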
