Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
comparing SSH key and passphrase auth vs. an SSH key *with* a
1 view
Skip to first unread message
John Case
Sep 11, 2014, 6:04:50 PM9/11/14
to
Hi,
I've always used SSH with simply a password. This has always worked fine
for me.
Lately, I've been thinking that I might like to increase my security by
using *both* a UNIX password and an SSH key. That is, I can't log in
unless I have my password and my key. However, it doesn't look like SSH
supports this - either you do unix password OR you do SSH key, it doesn't
look like there is any way to do both.
However, what I could do is only use an SSH key, but set a passphrase on
that key. The only difference here is that my safety is all bound up in
SSH, whereas before it was distributed between SSH and the OS.
So I'm curious...
What's the difference between using a UNIX password combined with an SSH
key (if that actually worked, which it doesn't) and using an SSH key with
a passphrase attached ? Is one of these better than the other ? Are they
the same ?
What's the difference ?
Thanks.
_______________________________________________
freebsd-...@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questi...@freebsd.org"
Charles Swiger
Sep 11, 2014, 6:58:38 PM9/11/14
to
Hi, John--
On Sep 11, 2014, at 3:04 PM, John Case <ca...@SDF.ORG> wrote:
> I've always used SSH with simply a password. This has always worked fine for me.
>
> Lately, I've been thinking that I might like to increase my security by using *both* a UNIX password and an SSH key. That is, I can't log in unless I have my password and my key. However, it doesn't look like SSH supports this - either you do unix password OR you do SSH key, it doesn't look like there is any way to do both.
True. SSH lists a set of alternatives like:
debug1: Authentications that can continue: publickey,keyboard-interactive
...and each one is a separate valid method to login.
> However, what I could do is only use an SSH key, but set a passphrase on that key. The only difference here is that my safety is all bound up in SSH, whereas before it was distributed between SSH and the OS.
>
> So I'm curious...
>
> What's the difference between using a UNIX password combined with an SSH key (if that actually worked, which it doesn't) and using an SSH key with a passphrase attached ? Is one of these better than the other ? Are they the same ?
>
> What's the difference ?
They are not the same. Your UNIX password is traditionally a string which is salted and encrypted using DES, SHA1, or similar. An SSH key is actually RSA or DSA public key pair which can be manipulated as generic ASN.1 data via openssl rsa or openssl dsa.
For example, you can add or remove a passphrase from an existing keypair via the following:
cd ~/.ssh
mv id_dsa id_dsa_201409191
openssl dsa -in id_dsa_20140911 -passout 'pass:mypass' -des3 -out id_dsa
chmod go-rw id_dsa
...although using AES128 or stronger might be prudent, if everything you login to supports it.
(Some other folks seem to recommend using PKCS#8 format.)
If you want to improve security, however, either 2-factor auth or OPIE / one-time passwords would be better than SSH key+passphrase.
Regards,
--
-Chuck
On Sep 11, 2014, at 3:04 PM, John Case <ca...@SDF.ORG> wrote:
> I've always used SSH with simply a password. This has always worked fine for me.
>
> Lately, I've been thinking that I might like to increase my security by using *both* a UNIX password and an SSH key. That is, I can't log in unless I have my password and my key. However, it doesn't look like SSH supports this - either you do unix password OR you do SSH key, it doesn't look like there is any way to do both.
debug1: Authentications that can continue: publickey,keyboard-interactive
...and each one is a separate valid method to login.
> However, what I could do is only use an SSH key, but set a passphrase on that key. The only difference here is that my safety is all bound up in SSH, whereas before it was distributed between SSH and the OS.
>
> So I'm curious...
>
> What's the difference between using a UNIX password combined with an SSH key (if that actually worked, which it doesn't) and using an SSH key with a passphrase attached ? Is one of these better than the other ? Are they the same ?
>
> What's the difference ?
For example, you can add or remove a passphrase from an existing keypair via the following:
cd ~/.ssh
mv id_dsa id_dsa_201409191
openssl dsa -in id_dsa_20140911 -passout 'pass:mypass' -des3 -out id_dsa
chmod go-rw id_dsa
...although using AES128 or stronger might be prudent, if everything you login to supports it.
(Some other folks seem to recommend using PKCS#8 format.)
If you want to improve security, however, either 2-factor auth or OPIE / one-time passwords would be better than SSH key+passphrase.
Regards,
--
-Chuck
Bernt Hansson
Sep 11, 2014, 8:22:30 PM9/11/14
to
On 2014-09-12 00:04, John Case wrote:
>
> Hi,
>
> I've always used SSH with simply a password. This has always worked
> fine for me.
>
> Lately, I've been thinking that I might like to increase my security by
> using *both* a UNIX password and an SSH key. That is, I can't log in
> unless I have my password and my key. However, it doesn't look like SSH
> supports this - either you do unix password OR you do SSH key, it
> doesn't look like there is any way to do both.
>
> However, what I could do is only use an SSH key, but set a passphrase on
> that key. The only difference here is that my safety is all bound up in
> SSH, whereas before it was distributed between SSH and the OS.
>
> So I'm curious...
>
> What's the difference between using a UNIX password combined with an SSH
> key (if that actually worked, which it doesn't) and using an SSH key
> with a passphrase attached ? Is one of these better than the other ?
> Are they the same ?
>
> What's the difference ?
Check out the handbook
>
> Hi,
>
> I've always used SSH with simply a password. This has always worked
> fine for me.
>
> Lately, I've been thinking that I might like to increase my security by
> using *both* a UNIX password and an SSH key. That is, I can't log in
> unless I have my password and my key. However, it doesn't look like SSH
> supports this - either you do unix password OR you do SSH key, it
> doesn't look like there is any way to do both.
>
> However, what I could do is only use an SSH key, but set a passphrase on
> that key. The only difference here is that my safety is all bound up in
> SSH, whereas before it was distributed between SSH and the OS.
>
> So I'm curious...
>
> What's the difference between using a UNIX password combined with an SSH
> key (if that actually worked, which it doesn't) and using an SSH key
> with a passphrase attached ? Is one of these better than the other ?
> Are they the same ?
>
> What's the difference ?
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/openssh.html
Matthew Seaman
Sep 12, 2014, 2:16:37 AM9/12/14
to
On 11/09/2014 23:04, John Case wrote:
> What's the difference between using a UNIX password combined with an SSH
> key (if that actually worked, which it doesn't) and using an SSH key
> with a passphrase attached ? Is one of these better than the other ?
> Are they the same ?
With ssh key based auth, an attacker needs to obtain both your ssh
> What's the difference between using a UNIX password combined with an SSH
> key (if that actually worked, which it doesn't) and using an SSH key
> with a passphrase attached ? Is one of these better than the other ?
> Are they the same ?
private key and the passphrase used to decrypt it. For password based
auth, all they need is the password. Key based auth is definitely the
better choice out of those two.
When using ssh key based auth, it is vitally important to only store
your private key on a secure system: typically this would be your
desktop or personal laptop -- which may cause some cognitive dissonance
with the ideal of 'secured.' Do use disk encryption on the machine
where you store your keys. Alternatively, keep your keys on an
encrypted USB stick.
Do use ssh-agent(8) or gpg-agent(8) (which I prefer) and the
'ForwardAgent' (-A) option if you need to hop through one machine to
reach another. Do not copy your private key to the 1st machine in that
situation.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey
John Case
Sep 15, 2014, 3:07:09 PM9/15/14
to
On Thu, 11 Sep 2014, Charles Swiger wrote:
> If you want to improve security, however, either 2-factor auth or OPIE /
> one-time passwords would be better than SSH key+passphrase.
old password, yes ?
Charles Swiger
Sep 15, 2014, 3:13:11 PM9/15/14
to
On Sep 15, 2014, at 12:07 PM, John Case <ca...@SDF.ORG> wrote:
> On Thu, 11 Sep 2014, Charles Swiger wrote:
>> If you want to improve security, however, either 2-factor auth or OPIE / one-time passwords would be better than SSH key+passphrase.
>
>
> Ok, thanks - but SSH key+passphrase is still much better than just plain old password, yes ?
Yes, it's better. However, the default storage that SSH uses for private keys with a passphrase isn't as strong as it could be.
> On Thu, 11 Sep 2014, Charles Swiger wrote:
>> If you want to improve security, however, either 2-factor auth or OPIE / one-time passwords would be better than SSH key+passphrase.
>
>
> Ok, thanks - but SSH key+passphrase is still much better than just plain old password, yes ?
Regards,
--
-Chuck
Michael Sierchio
Sep 15, 2014, 4:27:42 PM9/15/14
to
On Mon, Sep 15, 2014 at 12:13 PM, Charles Swiger <csw...@mac.com> wrote:
> On Sep 15, 2014, at 12:07 PM, John Case <ca...@SDF.ORG> wrote:
>> Ok, thanks - but SSH key+passphrase is still much better than just plain old password, yes ?
>
> Yes, it's better. However, the default storage that SSH uses for private keys with a passphrase isn't as strong as it could be.
Agreed. Though there are different kinds of threats. Disabling
> On Sep 15, 2014, at 12:07 PM, John Case <ca...@SDF.ORG> wrote:
>> Ok, thanks - but SSH key+passphrase is still much better than just plain old password, yes ?
>
> Yes, it's better. However, the default storage that SSH uses for private keys with a passphrase isn't as strong as it could be.
password auth means no brute force password attempt will work. If you
do as I do and store your encrypted SSH key on a secure (assume for
the moment that's true :-) USB vault, and add it to an ssh-agent on
the local host, and enable agent forwarding - we've come close to SSO
with reasonable security.
Newer versions of OpenSSH support pam-google-authenticator, which is a
very nice way of accomplishing multifactor authentication. I tend to
use this everywhere. Central management is left as an exercise for the
reader (pam_url on Linux is a possible starting point).
- M
Daniel Staal
Sep 17, 2014, 12:00:38 AM9/17/14
to
--As of September 15, 2014 7:09:46 PM +0000, John Case is alleged to have
said:
>> Key based auth is definitely the better choice out of those two.
>
>
> Ok, agreed.
>
> However, just out of curiousity - let's pretend that sshd *did* allow you
> to use both an SSH key and a UNIX password at the same time ... would
> that be more or less secure than using an SSH key with a built-in
> passphrase ?
--As for the rest, it is mine.
Lots of variables there: How does sshd store the password? (Does it use
the system's user password? How are you storing that?) Can you *require*
using a password with a SSH key? How does the SSH key store the password?
etc.
On a basic level, at that point you need both something you have (the SSH
key) and something you know (the password). The two pieces are the same in
both cases, so the security comes down to implementations - and since one
isn't implemented, we can't compare implementations. ;) Chuck mentioned
that the storage for passwords with private keys isn't super great, so if
it used the system's user password that should be better - because there's
been a lot of work on storing those securely.
BTW: Since a couple of people have pointed to Google's two-factor system, I
thought I'd point to my current favorite: Yubikey[1]. There's a PAM
module, so it can be set up moderately easily. (I'll admit I haven't
tried: I mostly rely on physical security for my main network...)
Daniel T. Staal
[1]: <http://www.yubico.com/>
---------------------------------------------------------------
This email copyright the author. Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes. This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---------------------------------------------------------------
said:
>> Key based auth is definitely the better choice out of those two.
>
>
>
> However, just out of curiousity - let's pretend that sshd *did* allow you
> to use both an SSH key and a UNIX password at the same time ... would
> that be more or less secure than using an SSH key with a built-in
> passphrase ?
--As for the rest, it is mine.
Lots of variables there: How does sshd store the password? (Does it use
the system's user password? How are you storing that?) Can you *require*
using a password with a SSH key? How does the SSH key store the password?
etc.
On a basic level, at that point you need both something you have (the SSH
key) and something you know (the password). The two pieces are the same in
both cases, so the security comes down to implementations - and since one
isn't implemented, we can't compare implementations. ;) Chuck mentioned
that the storage for passwords with private keys isn't super great, so if
it used the system's user password that should be better - because there's
been a lot of work on storing those securely.
BTW: Since a couple of people have pointed to Google's two-factor system, I
thought I'd point to my current favorite: Yubikey[1]. There's a PAM
module, so it can be set up moderately easily. (I'll admit I haven't
tried: I mostly rely on physical security for my main network...)
Daniel T. Staal
[1]: <http://www.yubico.com/>
---------------------------------------------------------------
This email copyright the author. Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes. This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---------------------------------------------------------------
Olivier Nicole
Sep 17, 2014, 2:18:46 AM9/17/14
to
Hi,
On Wed, Sep 17, 2014 at 11:00 AM, Daniel Staal <DSt...@usa.net> wrote:
> --As of September 15, 2014 7:09:46 PM +0000, John Case is alleged to have
> said:
>
>>> Key based auth is definitely the better choice out of those two.
>>
>>
>>
>> Ok, agreed.
>>
>> However, just out of curiousity - let's pretend that sshd *did* allow you
>> to use both an SSH key and a UNIX password at the same time ... would
>> that be more or less secure than using an SSH key with a built-in
>> passphrase ?
>
>
> --As for the rest, it is mine.
>
> Lots of variables there: How does sshd store the password? (Does it use the
> system's user password? How are you storing that?) Can you *require* using
> a password with a SSH key? How does the SSH key store the password? etc.
>
> On a basic level, at that point you need both something you have (the SSH
> key) and something you know (the password). The two pieces are the same in
> both cases, so the security comes down to implementations - and since one
> isn't implemented, we can't compare implementations. ;) Chuck mentioned
> that the storage for passwords with private keys isn't super great, so if it
> used the system's user password that should be better - because there's been
> a lot of work on storing those securely.
Is the password for the private key actually stored in the key? That
sounds odd to me. I'd better see the password being used to
encode/decode the private key, so no need for storage of the password,
if you provide the wrong password, you decode the private key into
something that is not working, done.
Best regards,
olivier
>
> BTW: Since a couple of people have pointed to Google's two-factor system, I
> thought I'd point to my current favorite: Yubikey[1]. There's a PAM module,
> so it can be set up moderately easily. (I'll admit I haven't tried: I
> mostly rely on physical security for my main network...)
>
> Daniel T. Staal
>
> [1]: <http://www.yubico.com/>
>
> ---------------------------------------------------------------
> This email copyright the author. Unless otherwise noted, you
> are expressly allowed to retransmit, quote, or otherwise use
> the contents for non-commercial purposes. This copyright will
> expire 5 years after the author's death, or in 30 years,
> whichever is longer, unless such a period is in excess of
> local copyright law.
> ---------------------------------------------------------------
On Wed, Sep 17, 2014 at 11:00 AM, Daniel Staal <DSt...@usa.net> wrote:
> --As of September 15, 2014 7:09:46 PM +0000, John Case is alleged to have
> said:
>
>>> Key based auth is definitely the better choice out of those two.
>>
>>
>>
>> Ok, agreed.
>>
>> However, just out of curiousity - let's pretend that sshd *did* allow you
>> to use both an SSH key and a UNIX password at the same time ... would
>> that be more or less secure than using an SSH key with a built-in
>> passphrase ?
>
>
> --As for the rest, it is mine.
>
> Lots of variables there: How does sshd store the password? (Does it use the
> system's user password? How are you storing that?) Can you *require* using
> a password with a SSH key? How does the SSH key store the password? etc.
>
> On a basic level, at that point you need both something you have (the SSH
> key) and something you know (the password). The two pieces are the same in
> both cases, so the security comes down to implementations - and since one
> isn't implemented, we can't compare implementations. ;) Chuck mentioned
> that the storage for passwords with private keys isn't super great, so if it
> used the system's user password that should be better - because there's been
> a lot of work on storing those securely.
sounds odd to me. I'd better see the password being used to
encode/decode the private key, so no need for storage of the password,
if you provide the wrong password, you decode the private key into
something that is not working, done.
Best regards,
olivier
>
> BTW: Since a couple of people have pointed to Google's two-factor system, I
> thought I'd point to my current favorite: Yubikey[1]. There's a PAM module,
> so it can be set up moderately easily. (I'll admit I haven't tried: I
> mostly rely on physical security for my main network...)
>
> Daniel T. Staal
>
> [1]: <http://www.yubico.com/>
>
> ---------------------------------------------------------------
> This email copyright the author. Unless otherwise noted, you
> are expressly allowed to retransmit, quote, or otherwise use
> the contents for non-commercial purposes. This copyright will
> expire 5 years after the author's death, or in 30 years,
> whichever is longer, unless such a period is in excess of
> local copyright law.
> ---------------------------------------------------------------
Matthew Seaman
Sep 17, 2014, 2:25:37 AM9/17/14
to
On 15/09/2014 20:09, John Case wrote:
>> Key based auth is definitely the better choice out of those two.
>> Key based auth is definitely the better choice out of those two.
> However, just out of curiousity - let's pretend that sshd *did* allow
> you to use both an SSH key and a UNIX password at the same time ...
> would that be more or less secure than using an SSH key with a built-in
> you to use both an SSH key and a UNIX password at the same time ...
> passphrase ?
That's just like sprinkling sugar on top of honey: it doesn't really
achieve anything. You've got maybe 2048 bits of SSH key and you want to
add of the order of a hundred bits of password on top of that? It would
be better to just use a bigger SSH key.
If you are so concerned about security and you need something more than
what ssh-key based auth can provide, then look into one-time password
style things -- which includes all sorts of hardware tokens -- or
kerberos / gssapi setups -- which use cryptographic methods vaguely
similar to SSH keys, but store the sensitive keying material in a way
that makes it much less likely to be compromised.
0 new messages