[ale] Most Secure SSH
Michael D. Hirsch
mhirsch at nubridges.com
Fri Aug 29 10:51:02 EDT 2003
On Thursday 28 August 2003 08:45 pm, David Corbin wrote:
> Currently I have a firewall. I have it pretty well tightened down, but I
> do have SSH open, as I need to access my system(s) from the office. I
> use an rsa key to access this, though I can access with just a
> password.
>
> Now, if I need to get to one of my systems that is behind the firewall,
> I can access them using ssh. Currently, I do not have things set up
> so that the firewall can access internal systems with an rsa key. I HAVE
> to use a password. I do this, on the assumption that IF (when?) someone
> hacks the firewall, it will not be trivial to get to the protected
> systems.
>
> Is this reasonable? Am I missing something here? ASSUMING I pick good
> passwords, is it fair to say that password-based access is more secure
> than rsa keys?
Since most people use relatively insecure passwords, probably not.

What I would do is allow the firewall to pass on the RSA credentials. Then
allow login internally using an external SSH key. You will then log in
from outside to your firewall, then from your firewall to your inside
system. But if someone breaks into the firewall some other way, they will
have no special permission to get to your inside machines.
Michael
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
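
The arrangement suggested in the reply above, read here as SSH agent forwarding (an assumption), rests on two conditions: the firewall stores no private key, and the office client forwards its agent to the firewall only. The script below is an added example, not part of the original message; the function names `stored_private_keys` and `forwarding_hosts`, the host `firewall.example.org` and all sample data are hypothetical.

```sh
#!/bin/sh
# Added example: names, hosts and paths here are hypothetical.
# Office workstation ~/.ssh/config forwards the agent to the firewall only;
# the internal machine lists the office public key in authorized_keys, and
# the firewall stores no private key at all.

# Print files under DIR that contain a private-key PEM header.
stored_private_keys() {
    grep -rlE -e '-----BEGIN ([A-Z0-9]+ )?PRIVATE KEY-----' "$1" 2>/dev/null | sort
}

# Print the Host patterns of an ssh_config file that turn agent forwarding on.
# Settings placed before the first Host line apply to every host ("*").
forwarding_hosts() {
    awk 'BEGIN { host = "*" }
         { sub(/=/, " ") }                        # accept "Key=value" too
         tolower($1) == "host" { $1 = ""; sub(/^ /, ""); host = $0; next }
         tolower($1) == "forwardagent" && tolower($2) == "yes" { print host }' "$1"
}

# Constructed sample data: a firewall home directory and a client config.
demo=$(mktemp -d)
mkdir -p "$demo/fw/.ssh"
echo 'ssh-rsa AAAA...constructed office@example' > "$demo/fw/.ssh/authorized_keys"
cat > "$demo/client_config" <<'EOF'
Host firewall.example.org
    ForwardAgent yes
Host *
    ForwardAgent no
EOF

echo "private keys stored on firewall: $(stored_private_keys "$demo/fw" | wc -l)"
echo "agent forwarded to: $(forwarding_hosts "$demo/client_config")"
rm -rf "$demo"
```

While a forwarded session is open, the agent socket is reachable by root on the firewall, which is why the sample config enables forwarding for that one host rather than for `Host *`.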