From owner-freebsd-questions@FreeBSD.ORG Mon Sep 15 19:13:12 2014
Subject: Re: comparing SSH key and passphrase auth vs. an SSH key *with* a passphrase ...
From: Charles Swiger
Date: Mon, 15 Sep 2014 12:13:11 -0700
References: <08D7B04D-CBBF-4330-BAD6-2668F9560964@mac.com>
To: John Case
Cc: FreeBSD -
List-Id: User questions

On Sep 15, 2014, at 12:07 PM, John Case wrote:
> On Thu, 11 Sep 2014, Charles Swiger wrote:
>> If you want to improve security, however, either 2-factor auth or OPIE / one-time passwords would be better than SSH key+passphrase.
>
> Ok, thanks - but SSH key+passphrase is still much better than just plain old password, yes ?

Yes, it's better. However, the default storage that SSH uses for private keys with a passphrase isn't as strong as it could be.

Regards,
--
-Chuck