Date: Mon, 21 Nov 2011 15:10:00 -0800 From: Patrick <gibblertron@gmail.com> To: freebsd-questions@freebsd.org Subject: Re: Whats the difference between password+RSA, and password-protected RSA ? Message-ID: <CA%2BdWbma7xPq3df6U18Ekrtv0ooNuU7uwzL0WfcU0tcR%2BHSOSXA@mail.gmail.com> In-Reply-To: <1321910341.33510.YahooMailClassic@web124703.mail.ne1.yahoo.com> References: <1321910341.33510.YahooMailClassic@web124703.mail.ne1.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In the case of a passphrase-protected RSA key, the server knowsnothing about it, so you would never be able to enforce that. It's onthe client side that the key is decrypted with the passphrase beforesubmitting it to the server. Patrick On Mon, Nov 21, 2011 at 1:19 PM, Mm Bsd <mmbsd1982@yahoo.com> wrote: > Let's say I'd like to add a small amount of extra security to my SSH logi= n process. > > Let's say I decide the way I want to do this is by requiring BOTH a passw= ord and an RSA key. =A0There appear to be patches, or procedures, that allo= w me to do this. =A0So to log in, I would be required to enter a normal uni= x password, but I would ALSO be required to hold a proper RSA public key. > > My question is this: > > In terms of security (and correctness ?) what's the difference between th= is (unix password + SSH RSA key) and simply generating my RSA key *with* a = password ? =A0Both ways require me to "have something" and "know something"= , but they are obviously different, technically. > > Comments on the difference, and relative security of the two methods ? > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.o= rg" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2BdWbma7xPq3df6U18Ekrtv0ooNuU7uwzL0WfcU0tcR%2BHSOSXA>