Efficacy of SSH public key authentication

[obamatronic]

I have recently learned how to set up SSH connections using public-key authentication. This is all well and good and I can see the benefit of using this method for SSH connections.

However, once I have connected to the remote machine, aren't passwords still going to be required to perform certain functions (like su - or sudo)?

I am somewhat aware of other sudo authentication options such as SecureID, but what if I'm poor (LOL)?

In summary, why bother with SSH public key authentication if I will need passwords to use SUDO anyway?

P.S. Please recognize that my question is for the purpose of learning more... I do not presume to know what I am talking about.

 

[SirDice]

However, once I have connected to the remote machine, aren't passwords still going to be required to perform certain functions (like su - or sudo)?

Yes.

In summary, why bother with SSH public key authentication if I will need passwords to use SUDO anyway?

Because it's more secure than logging in with just a password.

Keep in mind that whatever you enter during that session is fully encrypted. Nobody will be able to see what you are doing. Hence it's not an issue to type a password.

 

[obamatronic]

Understood, but I can just type in my password while connecting via SSH. Why use public key encryption (other than minimizing the number of times I have to type my password) if there is no "cheap" way to eliminate passwords altogether?

(Thank you, by the way, for your answer. I don't mean to be argumentative. I just want to make sure I am thinking about this the right way).

 

[SirDice]

Understood, but I can just type in my password while connecting via SSH. Why use public key encryption (other than minimizing the number of times I have to type my password) if there is no "cheap" way to eliminate passwords altogether?

Because public-private key authentication is more secure. You will need to obtain both the key and it's password.

 

[kpa]

The whole point of public key authentication is that it removes the need to send and check passwords on the authentication server and replaces the passwords with an authentication method that can not be attacked with a brute force attack.

 

[SirDice]

It's a classic two-factor authentication. Something you have, the key, and something you know, the password.

Normal password authentication is just one factor, something you know, the password.

 

[gkontos]

You could try other forms of two-factor authentication that cost much less than SecurID.

Link: http://www.duosecurity.com/unix

 

[obamatronic]

The whole point of public key authentication is that it removes the need to send and check passwords on the authentication server and replaces the passwords with an authentication method that can not be attacked with a brute force attack.

KPA,

I think I see your point. The point is not so much eliminating passwords, but, in the case of remote access, preventing brute force attacks across the network to gain access to a system. Right?

 

[kpa]

Yes, allthough you can eliminate passwords alltogether when using public key authentication by using a secret key on the client machine that is not password protected. Not a recommended practice though. You can minimise the need to enter the secret key password all the time by using a key agent like ssh-agent(1) or pageant for putty on windows.

 

[obamatronic]

Got it. I read about such a setup in Michael W. Lucas' excellent book on SSH.

So, local passwords are still required, but using public key authentication provides additional (multi-factor) authentication security for remote access.

Thanks, all, for your replies! I've got a new wrinkle in my brain now.

 

[mwlucas@]

I've run servers without known local passwords on user accounts. All authentication done via ssh-agent, including sudo. You need a password for account mgmt, but not necessarily for the system.