Thursday, June 5, 2008

Why you should always use SSH keys, not passwords

There are three main reasons for using SSH keys over passwords:

  • Security

    Since SSH keys are stored on your computer and never go over the wire, they are inherently more secure than passwords. Even if you pick a terrible passphrase for your SSH keys (or none at all), an attacker still has to get ahold of that key (barring someone patching your random number generator to return one of 2^10 numbers...)

  • Segmentation

    With passwords, if everyone needs access to an account on one of your servers, then everyone has to know the same password. If one of your coworkers goes insane, you have to change the password (and probably a lot more than one) whereas with SSH keys, you just remove their key from the authorized_keys file and they're gone, nobody else has to worry about it.

    Similarly, if people need access to some accounts and not others, you can segment access with keys much more easily than with passwords

  • Speed

    Entering passwords gets old really quick. With the superb ssh-agent in use, you shouldn't ever have to do that, and as long as you remember to lock your computer when you leave it, you're as secure as if you were typing your password in every time


majek said...

> Security: since SSH keys are stored
> on your computer and never go over
> the wire

If the bad guy owns a computer you're logged to, he also owns your ssh-agent forwarded connection. ie: he can connect everywhere you can from that machine.
Ssh-agent forwardng assumes that you trust the end node.


Justin George said...

that's entirely true, in my experience I tend to use SSH keys point-to-multipoint, so if they've owned the center node (usually my desktop) then I'm out of luck anyhow.

Still easier to revoke than it is to change passwords though.