Modify Remote Login server to block scripted attacks
Your PhDs are right, of course. ;) However, I'd guess that there are very few (feasible) processes you could envision that they couldn't find a flaw in; it's their (and my) job to find the chink in the armor. Take their comments as a warning: safeguard your private keys like you would the keys to your house (or similar--it of course depends on how important those systems/data are).

First, PUT A PASSPHRASE ON YOUR KEY! I can't stress that enough. Yes, you'll have to type that in until you get an agent set up (keep reading), but it's just the one passphrase.

That said, you probably don't need 5 sets of keys to ssh between 5 systems. You only need one set, with the public key on all systems. The private key should be on the one system you work at. If you sit in front of a different keyboard each day, put the private key on a USB flash drive or something. I suggest a cheap, small device used only for this and other very sensitive stuff--otherwise I'd have said iPod. (You don't want your private key on something that you stick into "untrusted" systems.)

SSH supports "credential forwarding." In other words, you can use your private key to authenticate to the first host. After that, each host you connect to forwards authentication requests through the host(s) you're already connected to. Your single private key stays in one place, which is good because you're more likely to know if you've lost it--and that's what your PhDs are really after.

To get full mileage out of this technique, you'll probably want an SSH Key Agent. These work a lot like Apple's Keychain, but they're for SSH keys. Your SSH client (in terminal, an SFTP client, etc.) hands off the authentication request to your agent, which services it with your private key. If you set things up right, you rarely have to enter any pass-phrases at all, but you retain most or all of the security protections.

I use SSHKeychain, and am very satisfied with it because of its simple integration with Apple's Keychain and its built-in support for SSH tunnels.
Copyright © 2014 IDG Consumer & SMB (Privacy Policy) Contact Us All trademarks and copyrights on this page are owned by their respective owners.