Hi Marko, > Using the ssh key can be problematic because it is too long and too random to > be memorized --- you have to carry it on a usb stick (or whereever). This > provides an additional point of failure should your stick get lost or stolen.
this is only correct when you use SSH keys without a sufficiently secure passphrase. Which you obviously should never do. If you have a passphrase with your key, finding or stealing the USB stick is completely useless, and even if someone gets at your key, your no worse off than with password authentication. > Human brain is still by far the most secure information-storage device. :-) I strongly disgree. Social engineering is a very efficient way to get at other people's data. > It is very inconvenient for people who need to login to their servers from > random remote locations (ie. people who travel a lot or work in hardware- > controlled environment). Agreed. > Besides, it is essentially a question of overkill. If password is not good > enough, you could argue that the key is also not good enough --- two keys (or > a larger one) would be more secure. Where do you draw the line? One key is indefinitely better than a password. The additional security you gain when you add another key is, however, disputable. Best regards, Peter. _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
