Chris Green
2024-Oct-22 08:14 UTC
Security of ssh across a LAN, public key versus password
OK, I think I have realised what has been confusing me (and, maybe you, in the plural).

I have been looking at this security question with a sort of 'tunnel vision': I'm concerned with login security of remote systems **when viewed from my desktop**. For this specific case, i.e. when someone is sitting at my desk, or has my laptop in front of them, there is little to choose between password and public-key authentication. To break either, all the intruder has to do is guess/break my password or the passphrase protecting my public-key.

**However**, from the point of view of a system 'out there' on the publicly accessible internet, open to connections from anywhere, key-based authentication is much more secure because an attacker has to guess/break a very long (400 or 500 character) key rather than a 10 or 20 character password.

So, for systems on my LAN which don't have 'internet facing' ssh access I'm now fairly convinced that password based security is fine. My desktop, which *does* have (limited) accessibility from the internet, should probably allow only key-based ssh access from outside.

Any system which is open (even if limited by means such as allowing access only from certain IP ranges etc.) to internet access should preferably allow only key-based ssh authentication so that (relatively short) password guessing isn't possible. On the other hand, for systems on my LAN and/or any other system which isn't open to anyone to attack, password based authentication is quite OK.

Thanks for all the help and useful discussion everyone. :-)

-- 
Chris Green
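The split described above (key-only for connections arriving from the internet, passwords still acceptable from the LAN) can be expressed on one host, such as the desktop that is reachable from both, with a Match block in sshd_config. This is an added example, not configuration posted in the thread or shipped by OpenSSH; the LAN range 192.168.1.0/24 is an assumption.

```sshd_config
# Defaults apply to every connection not overridden by a Match block below:
# key-only, as recommended for anything reachable from the internet.
PubkeyAuthentication yes
PasswordAuthentication no
# PasswordAuthentication alone is not enough: with UsePAM, the
# keyboard-interactive method can still prompt for a password, so turn
# it off as well (the keyword is ChallengeResponseAuthentication on
# OpenSSH releases before 8.7).
KbdInteractiveAuthentication no
PermitRootLogin prohibit-password
MaxAuthTries 3

# A Match block runs to the next Match or to end of file, so keep it last.
# Address is the source address sshd itself sees; a router that rewrites
# the source address when port-forwarding would defeat this split.
# Assumed LAN range: 192.168.1.0/24.
Match Address 192.168.1.0/24
    PasswordAuthentication yes
```

To confirm what sshd will actually do for a given source, ask it to print the effective configuration for a simulated connection: `sshd -T -C user=chris,addr=192.168.1.50 | grep -i authentication` should show `passwordauthentication yes`, while the same command with an outside address such as `addr=203.0.113.9` should show `passwordauthentication no` and `kbdinteractiveauthentication no`.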
On 2024-10-22 09:14, Chris Green wrote:
> OK, I think I have realised what has been confusing me (and, maybe
> you, in the plural).
>
> I have been looking at this security question with a sort of 'tunnel
> vision', I'm concerned with login security of remote systems **when
> viewed from my desktop**. For this specific case, i.e. when someone
> is sitting at my desk, or has my laptop in front of them, there is
> little to choose between password and public-key authentication. To
> break either, all the intruder has to do is guess/break my password or
> the passphrase protecting my public-key.

A little late to chime in, but if you are so concerned about access to your laptop, there are measures unrelated to SSH you could take. Your scenario sounds as if anyone could sit down at your desk and immediately proceed to brute-forcing your credentials for SSH connections. Wouldn't it be possible to physically restrict access to your desk and/or laptop?

- Jan
Stuart Henderson
2024-Oct-22 11:05 UTC
Security of ssh across a LAN, public key versus password
On 2024/10/22 09:14, Chris Green wrote:
> I have been looking at this security question with a sort of 'tunnel
> vision', I'm concerned with login security of remote systems **when
> viewed from my desktop**. For this specific case, i.e. when someone
> is sitting at my desk, or has my laptop in front of them, there is
> little to choose between password and public-key authentication.

Also consider the case of connecting to a malicious remote host. Either a totally illegitimate host where you don't have a known_hosts entry or fingerprint to check, or where a "good" host has been compromised.

With public keys, your password is not sent to the remote system. With passwords, a modified sshd could log your password (avoiding any need to brute-force the hash from the password database).
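The difference Stuart describes can be seen by building the two RFC 4252 userauth requests side by side. The Go program below is an added example, not code from the thread or from OpenSSH: it constructs a "password" request (RFC 4252 section 8) and a "publickey" request with an ssh-ed25519 key (section 7), then checks what the server ends up holding in each case. The user name, the password and the two 32-byte session identifiers standing in for the key-exchange hash are made up for the demonstration; real SSH would carry these inside the encrypted transport, which is irrelevant here because sshd decrypts them anyway.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"io"
)

const msgUserauthRequest = 50 // SSH_MSG_USERAUTH_REQUEST (RFC 4252)

// sshString encodes an SSH wire "string": uint32 big-endian length, then bytes.
func sshString(b []byte) []byte {
	out := make([]byte, 4+len(b))
	binary.BigEndian.PutUint32(out, uint32(len(b)))
	copy(out[4:], b)
	return out
}

// readString decodes one wire "string", refusing lengths beyond the buffer.
func readString(rd *bytes.Reader) ([]byte, bool) {
	var n uint32
	if binary.Read(rd, binary.BigEndian, &n) != nil || uint64(n) > uint64(rd.Len()) {
		return nil, false
	}
	b := make([]byte, n)
	_, err := io.ReadFull(rd, b)
	return b, err == nil
}

// passwordRequest is the "password" method request (RFC 4252 section 8).
// After transport decryption sshd holds the password itself and can log it.
func passwordRequest(user, service, password string) []byte {
	var b bytes.Buffer
	b.WriteByte(msgUserauthRequest)
	b.Write(sshString([]byte(user)))
	b.Write(sshString([]byte(service)))
	b.Write(sshString([]byte("password")))
	b.WriteByte(0) // boolean FALSE: not a password change
	b.Write(sshString([]byte(password)))
	return b.Bytes()
}

// parsePubkeyBlob is the server's parser for the untrusted ssh-ed25519 key blob.
func parsePubkeyBlob(blob []byte) (ed25519.PublicKey, bool) {
	rd := bytes.NewReader(blob)
	algo, ok := readString(rd)
	if !ok || string(algo) != "ssh-ed25519" {
		return nil, false
	}
	key, ok := readString(rd)
	if !ok || len(key) != ed25519.PublicKeySize || rd.Len() != 0 {
		return nil, false
	}
	return ed25519.PublicKey(key), true
}

// signedData is what the client signs for the "publickey" method (RFC 4252
// section 7). The leading session identifier binds the signature to this
// connection's key exchange, so a captured signature is useless elsewhere.
func signedData(sessionID []byte, user, service string, blob []byte) []byte {
	var b bytes.Buffer
	b.Write(sshString(sessionID))
	b.WriteByte(msgUserauthRequest)
	b.Write(sshString([]byte(user)))
	b.Write(sshString([]byte(service)))
	b.Write(sshString([]byte("publickey")))
	b.WriteByte(1) // boolean TRUE: a signature is included
	b.Write(sshString([]byte("ssh-ed25519")))
	b.Write(sshString(blob))
	return b.Bytes()
}

// clientSign is the client's side: only the key blob and the signature are sent.
func clientSign(priv ed25519.PrivateKey, sessionID []byte, user, service string) (blob, sig []byte) {
	pub := priv.Public().(ed25519.PublicKey)
	blob = append(sshString([]byte("ssh-ed25519")), sshString(pub)...)
	return blob, ed25519.Sign(priv, signedData(sessionID, user, service, blob))
}

// serverVerify rebuilds the signed data from the server's own view of the
// connection and checks the signature against the presented key.
func serverVerify(sessionID []byte, user, service string, blob, sig []byte) bool {
	pub, ok := parsePubkeyBlob(blob)
	return ok && ed25519.Verify(pub, signedData(sessionID, user, service, blob), sig)
}

// demo runs both methods for a constructed user and two constructed session
// identifiers and reports what a logging server would end up with.
func demo() (passwordVisible, pubkeyAccepted, replayAccepted, privKeyOnWire bool) {
	_, priv, _ := ed25519.GenerateKey(rand.Reader)
	sessA, sessB := make([]byte, 32), make([]byte, 32) // constructed exchange hashes
	rand.Read(sessA)
	rand.Read(sessB)
	pw := passwordRequest("chris", "ssh-connection", "correct horse battery") // constructed
	blob, sig := clientSign(priv, sessA, "chris", "ssh-connection")
	onWire := append(append([]byte{}, blob...), sig...)
	passwordVisible = bytes.Contains(pw, []byte("correct horse battery"))
	pubkeyAccepted = serverVerify(sessA, "chris", "ssh-connection", blob, sig)
	replayAccepted = serverVerify(sessB, "chris", "ssh-connection", blob, sig) // logged, reused on another host
	privKeyOnWire = bytes.Contains(onWire, priv.Seed())
	return
}
```

With the password method the server's copy of the request contains the literal password; with the publickey method it receives a public key and a signature over data that starts with this connection's own session identifier, so neither the private key nor anything replayable to a second server ever leaves the client. That is the whole of Stuart's point: a compromised sshd gains a reusable credential in the first case and nothing of lasting value in the second.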