From: Mm Bsd
To: freebsd-questions@freebsd.org
Date: Mon, 21 Nov 2011 13:19:01 -0800 (PST)
Message-ID: <1321910341.33510.YahooMailClassic@web124703.mail.ne1.yahoo.com>
Subject: Whats the difference between password+RSA, and password-protected RSA ?

Let's say I'd like to add a small amount of extra security to my SSH login process. Let's say I decide the way I want to do this is by requiring BOTH a password and an RSA key.

There appear to be patches, or procedures, that allow me to do this. So to log in, I would be required to enter a normal unix password, but I would ALSO be required to hold a proper RSA public key.

My question is this:

In terms of security (and correctness?) what's the difference between this (unix password + SSH RSA key) and simply generating my RSA key *with* a password?

Both ways require me to "have something" and "know something", but they are obviously different, technically.

Comments on the difference, and relative security of the two methods?