On Tuesday 24 October 2006 21:54, Atom Powers wrote:
> On 10/24/06, Jeff MacDonald <[EMAIL PROTECTED]> wrote:
> > Is there anything inherently dangerous or wrong about enabling
> > PasswordAuthentication in sshd_config?
> >
> > I understand how public keys are better and everything else. And
> > I do use them. I'm just curious.
>
> There are many arguments for and against, but /inherently/ they
> are the same. You are comparing your secret to the secret stored on
> the server. Keys just tend to be much longer secrets, and are also
> more difficult to change.

I don't know about that. With password authentication someone has to
guess a valid username and password. With key authentication someone
has to guess a valid username, key, and passphrase.

While I have boxes that experience thousands of password based brute
force attempts a day I don't recall anyone ever bothering to try and
brute-force a key.

My personal opinion is that if you are using key-based authentication
you are for all practical purposes invulnerable to brute-forcing. The
only way someone is going to get in is via an exploit in ssh or by
stealing the key and passphrase from a valid user.

--
Thanks,

Josh Paetzel
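
To measure the password-guessing traffic discussed in this thread on your own server, the following added example (not part of the original emails) tallies sshd log events by authentication method and lists source addresses with repeated failures. The log lines are constructed samples in OpenSSH's syslog format; the function name `summarize` and the threshold of 3 are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in OpenSSH's syslog format (not from a real host).
SAMPLE_LOG = """\
Oct 24 21:50:01 box sshd[4101]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Oct 24 21:50:03 box sshd[4103]: Failed password for invalid user test from 203.0.113.5 port 40120 ssh2
Oct 24 21:50:05 box sshd[4105]: Failed password for root from 203.0.113.5 port 40131 ssh2
Oct 24 21:51:10 box sshd[4110]: Failed password for root from 198.51.100.7 port 51515 ssh2
Oct 24 21:52:00 box sshd[4120]: Accepted publickey for josh from 192.0.2.10 port 50222 ssh2
Oct 24 21:53:30 box sshd[4130]: Accepted password for jeff from 192.0.2.11 port 50300 ssh2
"""

# Anchored to the end of the line so the source address is read from the
# suffix sshd writes, not from the client-supplied user name.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?P<invalid>invalid user )?(?P<user>.+) from (?P<ip>\S+) port \d+ ssh2\s*$"
)


def summarize(log_text, threshold=3):
    """Return (events by result/method, failures per IP, noisy IPs, invalid users)."""
    by_method = Counter()        # e.g. ("Failed", "password") -> count
    failures_by_ip = Counter()   # source address -> failed attempts
    invalid_users = Counter()    # guessed account names that do not exist
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        by_method[(m["result"], m["method"])] += 1
        if m["result"] == "Failed":
            failures_by_ip[m["ip"]] += 1
            if m["invalid"]:
                invalid_users[m["user"]] += 1
    # Addresses at or above the threshold are candidates for blocking.
    noisy = sorted(ip for ip, n in failures_by_ip.items() if n >= threshold)
    return by_method, failures_by_ip, noisy, invalid_users


if __name__ == "__main__":
    methods, per_ip, noisy, invalid = summarize(SAMPLE_LOG)
    for (result, method), n in sorted(methods.items()):
        print(f"{result:8} {method:10} {n}")
    print("repeated failures from:", noisy)
    print("guessed nonexistent users:", dict(invalid))
```

An "Accepted password" line for an account that is supposed to use keys only is the event worth alerting on; with `PasswordAuthentication no` in sshd_config it should never appear.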