On Sat, Nov 18, 2000 at 02:08:00PM +1100, Jeff Turner wrote:
> Hi,
>
> I have a policy question that's been generating fierce debate at our
> company (a web design shop with relatively light security requirements)
>
> Is the ability for users to set up "auto-login" (dispensing with
> passwords) bad? Let's say a user has set added their home machine's public
> key to the server's ~/.ssh/authorized_keys. Let's further assume that they
> did not type a passphrase when creating their private key.
>
> >From the sysadmin's point of view:
>
> Auto-login means that if any user's machine is compromised, the attacker
> has an account on the server too! The ssh auto-login feature allows
> users to create "webs of trust" completely outside the control of the
> sysadmin. It removes the password barrier between systems, and allows
> breakins to quickly propagate between systems. As such it is harmful and
> wrong, and should be switched off by default.
>
> A counterargument:
>
> In a properly configured system, it shouldn't *matter* if a user has
> malicious intentions, because they shouldn't be able to do harm anyway.
> Regular users make mistakes. They write their passwords on sticky labels
> on their monitor. Consequently one can *never* trust users not to harm the
> system. Now, ssh auto-login is just another potential way for a user to
> turn malicious, but to a properly configured system, a user's intentions
> are irrelevant. Furthermore, disabling ssh auto-login gives a false sense
> of security. At a *policy* level there is nothing wrong with auto-login.
Well, I can tell that none of your gang has ever worked in a military
contractor shop. The response there would be to make the users as harmelss
and impotent as possible, and still require both the public key and
password to log in.
And woe betide any employee caught with a password on a postit note on
his/her/its monitor. That is a potential criminal offense.
--
-- C^2
No windows were crashed in the making of this email.
Looking for fine software and/or web pages?
http://w3.trib.com/~ccurley
PGP signature
