[SOLVED] SSH security. Passphrase authentication problem?
Posted: Mon Mar 25, 2013 6:53 am
I've read tutorials on ssh and how to configure sshd_config as well as several forum posts on the topic.
Problem: When connect to my ssh server from WAN i'm only asked for username and password, not passphrase.
What I did:
sshd resides on LAN 192.168.0.101. From another pc (192.168.0.102) on the LAN, using Putty, I generated rsa keys with passphrase. scp'ed the pulic key to homedir on 192.168.0.101 and added the key to ~/.ssh/athorized_keys
I also changed permissions:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub
chmod 644 ~/.ssh/authorized_keys
I logged in from 192.168.0.102 and was asked for the passphrase - worked fine.
Then I visited a friend and logged in on my ssh server from his computer with Putty (from WAN side, that is). This worked fine, but I wasn't asked for a passphrase - only username and password. This means my server is open to brute force attacks, no?
I might have misunderstood something fundamental, but was under the impression that encrypted keys provided an extra layer of security not only by encrypting traffic but also by requiring a passphrase?
Problem: When connect to my ssh server from WAN i'm only asked for username and password, not passphrase.
What I did:
sshd resides on LAN 192.168.0.101. From another pc (192.168.0.102) on the LAN, using Putty, I generated rsa keys with passphrase. scp'ed the pulic key to homedir on 192.168.0.101 and added the key to ~/.ssh/athorized_keys
I also changed permissions:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub
chmod 644 ~/.ssh/authorized_keys
I logged in from 192.168.0.102 and was asked for the passphrase - worked fine.
Then I visited a friend and logged in on my ssh server from his computer with Putty (from WAN side, that is). This worked fine, but I wasn't asked for a passphrase - only username and password. This means my server is open to brute force attacks, no?
I might have misunderstood something fundamental, but was under the impression that encrypted keys provided an extra layer of security not only by encrypting traffic but also by requiring a passphrase?