Le Lundi 20 Février 2006 00:29, Sylvain Beucler a écrit : > Hi, > > Is there a reason why there is no support for password > authentication. For example, SF allows you to connect to CVS using > your web interface password. (this is not practical but useful for > newbie who do not know how to deal with SSH keys yet) > > What I'd like to know is whether this is a security decision, a > technical limitation or a missing feature :)
This is a security decision. > Password-based auth is more vulnerable to brute-force attacks... but > so is the web interface then. It's also more vulnerable in the case of > host spoofing or typosquatting (with pub keys the priv key is never > transmitted, unlike the password) - but in this case it's the user > problem. It is true that in theory someone could by brute force attempt to break into a user account via the web interface. But there would be then more warning to the user (open session etc). If we think it is a problem, we can make a mail notification to be sent by the interface whenever ssh key changes. But one imperfection is no reason to encourage multiple imperfections. With the public/private SSH key, we have something almost unbreakable (I mean by that that apart people from the NASA or alikes, there is not many people that have the computer power to break such things). Why should we tolerate something less secure? It is not just a matter of break force attempt to steal accounts (which get logged and are easy to trace), it is also the matter of a case were passwords goes in the wild (like it happened to berlios a short time ago), it won't do any good directly via ssh, because the key is missing. At least, we know there is only one weak link password based, which is the web interface, that do not allow to interact directly with the project directories. Not to mention that in the past at GNU Savannah, there was no chrooted systems, so the SSH daemon was the same for root login than for developers. And the advantage of disallowing password for root login is quite obvious. People won't come up with keys by black magic. And in this case, there is no interaction at all with the web interface. So when you are in the case where you have to provide root login, I would say allowing password would definitely be a dumb idea. But indeed, nowadays developments platform does not use the same SSH daemon for root login and for developers login. Considering we speak of software development platforms, we can consider not to extreme to ask users to be able to create and use such key. -- Mathieu Roy +---------------------------------------------------------------------+ | General Homepage: http://yeupou.coleumes.org/ | | Computing Homepage: http://alberich.coleumes.org/ | | Not a native english speaker: | | http://stock.coleumes.org/doc.php?i=/misc-files/flawed-english | +---------------------------------------------------------------------+ _______________________________________________ Savane-dev mailing list [email protected] https://mail.gna.org/listinfo/savane-dev
