Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 21 Nov 2011 13:19:01 -0800 (PST)
From:      Mm Bsd <>
Subject:   Whats the difference between password+RSA, and password-protected RSA ?
Message-ID:  <>

Next in thread | Raw E-Mail | Index | Archive | Help
Let's say I'd like to add a small amount of extra security to my SSH login process.

Let's say I decide the way I want to do this is by requiring BOTH a password and an RSA key.  There appear to be patches, or procedures, that allow me to do this.  So to log in, I would be required to enter a normal unix password, but I would ALSO be required to hold a proper RSA public key.

My question is this:

In terms of security (and correctness ?) what's the difference between this (unix password + SSH RSA key) and simply generating my RSA key *with* a password ?  Both ways require me to "have something" and "know something", but they are obviously different, technically.

Comments on the difference, and relative security of the two methods ?

Want to link to this message? Use this URL: <>