Daniel Woods wrote:
> Subject: Re: OpenSSH(2) passphrase AND password?
>
> I have wondered the same thing. What is the point of having/using a
> passphrase if it can be ignored and simply use the password instead?
> I'm new to SSH2 using latest OpenSSH and found that if I type the
> wrong passphrase, I get the password prompt. So what is stopping
> someone else who may have compromised (stolen) my password from
> one of my non-secure accounts (where I use telnet) to simply bypass
> the passphrase and use the password to get in?

Well, if you are truly concerned about security, then you should use
different passwords for different machines/networks.

I am not a developer of ssh, but I don't think the passphrase was intended
to be used as a second password, but rather as an alternative one for use
in the more risky situations surrounding connections across an untrusted
network.

> Conceptually I would have expected SSH2 protocol to require passphrase
> only or *both* with the password. This means that even if someone gets
> your password, they can't get in to your secure accounts (where I use
> ssh). Without this basic concept in place, the whole SSH protocol is
> nothing more than an encrypted telnet session.

If you connect into(from) a secure environment from(into) an insecure one,
then you are at equal risk for compromising both your password and your
passphrase. SSH should always be started from the local host (or at least
on the same trusted network), otherwise it is no more secure than not
using ssh at all, no matter how many passwords or passphrases one uses.

If your goal is simply to make it harder to connect, then you can just
require longer passwords, and double-check them with something like
npasswd.

> The other problem with this is
> someone getting access to one machine and because of .rhosts or
> .shosts being setup, they can gain access to the others.

This is a problem, but you do not need to use .rhosts or .shosts.
I do not use them.

> At work I use secureID *and* a password, one is useless without the
> other. IMHO, this is what SSH2 should be as well... passphrase AND
> password.

I see requiring both as enhancing user inconvenience with no increase in
security. One might be better off using one of the several systems which
automatically change passwords every 30~120 minutes.

Of course, if you properly use tcp_wrappers, close unnecessary ports, and
use sshd2_config:HostsDeny, then even if someone has stolen your password,
they will have difficulty using it.

> Thanks... Dan.
>-- End of excerpt from Daniel Woods
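
As an added example, not part of the thread or of OpenSSH itself: a small Python audit of an sshd_config for the two weaknesses raised above, password login as a fallback when key authentication fails and .rhosts/.shosts trust. It assumes current OpenSSH keyword names and defaults (AuthenticationMethods is from later OpenSSH releases than this thread) and ignores Match blocks; the function names and sample configurations are constructed.

```python
# Added example (not from the thread): static audit of an OpenSSH sshd_config.
# DEFAULTS holds OpenSSH's documented defaults for keywords that are absent.
DEFAULTS = {
    "passwordauthentication": "yes",
    "hostbasedauthentication": "no",
    "ignorerhosts": "yes",
    "authenticationmethods": "any",
}

def effective_settings(config_text):
    """Global settings; sshd keeps the first value given for each keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()
        if key == "match":  # assumption: conditional Match blocks are out of scope
            break
        if len(parts) == 2:
            seen.setdefault(key, parts[1].strip().lower())
    return {**DEFAULTS, **seen}

def audit(config_text):
    """Return findings for the two weaknesses raised in the thread."""
    s = effective_settings(config_text)
    findings = []
    # Each space-separated list is one acceptable path; commas mean "all of".
    paths = [p.split(",") for p in s["authenticationmethods"].split()]
    password_alone = paths == [["any"]] or ["password"] in paths
    if s["passwordauthentication"] == "yes" and password_alone:
        findings.append("password-fallback")  # a stolen password is enough
    if s["hostbasedauthentication"] == "yes" and s["ignorerhosts"] != "yes":
        findings.append("rhosts-trust")  # .rhosts/.shosts entries grant access
    return findings

# Constructed sample configurations.
WEAK = "PasswordAuthentication yes\nHostbasedAuthentication yes\nIgnoreRhosts no\n"
BOTH_REQUIRED = "AuthenticationMethods publickey,password\nPasswordAuthentication yes\n"

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("both required", BOTH_REQUIRED)):
        print(name, audit(text))
```

An empty file is reported as "password-fallback" because the defaults leave password login enabled next to public-key login.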