From owner-freebsd-questions@FreeBSD.ORG  Thu Sep 11 22:23:09 2014
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 39B96778
 for <freebsd-questions@freebsd.org>; Thu, 11 Sep 2014 22:23:09 +0000 (UTC)
Received: from sdf.lonestar.org (mx.sdf.org [192.94.73.24])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mx.sdf.org", Issuer "SDF.ORG" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 1CBC0DBF
 for <freebsd-questions@freebsd.org>; Thu, 11 Sep 2014 22:23:07 +0000 (UTC)
Received: from otaku.freeshell.org (IDENT:case@otaku.freeshell.org
 [192.94.73.9])
 by sdf.lonestar.org (8.14.8/8.14.5) with ESMTP id s8BM4oNY000105
 (using TLSv1/SSLv3 with cipher DHE-RSA-AES256-SHA (256 bits) verified NO)
 for <freebsd-questions@freebsd.org>; Thu, 11 Sep 2014 22:22:49 GMT
Date: Thu, 11 Sep 2014 22:04:50 +0000 (UTC)
From: John Case <case@SDF.ORG>
X-X-Sender: case@faeroes.freeshell.org
To: freebsd-questions@freebsd.org
Subject: comparing SSH key and passphrase auth vs. an SSH key *with* a
 passphrase ...
Message-ID: <Pine.NEB.4.64.1409112200270.27915@faeroes.freeshell.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Sep 2014 22:23:09 -0000


Hi,

I've always used SSH with simply a password.  This has always worked fine 
for me.

Lately, I've been thinking that I might like to increase my security by 
using *both* a UNIX password and an SSH key.  That is, I can't log in 
unless I have my password and my key.  However, it doesn't look like SSH 
supports this - either you do unix password OR you do SSH key, it doesn't 
look like there is any way to do both.

However, what I could do is only use an SSH key, but set a passphrase on 
that key.  The only difference here is that my safety is all bound up in 
SSH, whereas before it was distributed between SSH and the OS.

So I'm curious...

What's the difference between using a UNIX password combined with an SSH 
key (if that actually worked, which it doesn't) and using an SSH key with 
a passphrase attached ?  Is one of these better than the other ?  Are they 
the same ?

What's the difference ?

Thanks.