Operating System - HP-UX

Re: ssh .. passphrase or password?? Is this working?

 
someone_4
Honored Contributor

ssh .. passphrase or password?? Is this working?

Hello
I am working on an ssh project.
And I am trying different things.

First I have already installed the hpux ssh depot. And I am using putty and reflections 10.0 for testing.

putty:
I load the passphrase and when I log into my server it will ask for a passphrase but no system password.

reflections:
I load the public key and I can log in but it does not ask me for a passphrase but it will log in with the system password.


Either way when I grep for ssh

I see the process using priv.
sshd: jowings [priv]

What is the difference?

What is everyone using out there?

I don't really like just having a passphrase; how secure is this really?

Can I have system password and the passphrase?

Is ssh working on both tests?

How can I test that ssh is working?

Thanks
Richard
5 REPLIES
Tom Ward_1
Honored Contributor

Re: ssh .. passphrase or password?? Is this working?

As far as being able to tell if ssh is working, you can run netstat to see what ports are in use. If you're using port 22 then you've got an ssh session going.

From the SSH session you can type "~?" to get a response (list of prompts) from ssh.

I don't think you can have both key authentication and password authentication. It tries one then the other if the first one doesn't work.

I've never used key authentication, but I think it's as secure if not more secure than password authentication. Good luck. I hope you post your results on ITRC.

Tom
Wouter Jagers
Honored Contributor

Re: ssh .. passphrase or password?? Is this working?

Passphrases are more secure than passwords. The number of possible passwords is quite limited, hence can be found by any decent processor in a matter of weeks.

Best for both security and ease of use would be to use a keypair, of which your private key is protected with a passphrase.

Also make sure you don't use or allow ssh1 since it's not secure. ssh2 is the way.

greets
Wout
an engineer's aim in a discussion is not to persuade, but to clarify.
Andrew Cowan
Honored Contributor

Re: ssh .. passphrase or password?? Is this working?

I have seen this problem before when doing compatibility testing with F-Secure and Putty. If you set a pre-login banner it will not be displayed in Putty.

Try running the sshd with the debug option as it sounds as though Reflections is either not treating the key in the right way, or is not fully compatible, therefore sshd is rejecting the key and falling back to the password.
Steven E. Protter
Exalted Contributor

Re: ssh .. passphrase or password?? Is this working?

I'd try some tests with ssh -v

There are other options in the man page that might be useful as well.

That will get you some diagnostics to work with.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
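
One way to act on the `ssh -v` suggestion above, as an added example that is not part of the original thread: a small filter that reads the client's debug output and reports which authentication method actually succeeded and whether a key was offered but the session fell back to a password. It assumes OpenSSH-style `debug1:` message wording (other clients word these lines differently); the function names and both sample logs are constructed for illustration.

```shell
#!/bin/sh
# Added example. Live use (ssh -v writes its debug lines to stderr):
#   ssh -v user@host true 2>&1 | auth_summary      # user@host is a placeholder

# Summarise an `ssh -v` log read from stdin (assumes OpenSSH debug1 wording).
auth_summary() {
    awk '
        /debug1: Offering .*public key/        { offered = 1 }
        /debug1: Server accepts key/           { accepted = 1 }
        /debug1: Next authentication method: / { tried = tried (tried ? "," : "") $NF }
        /debug1: Authentication succeeded \(/  {
            m = $NF; gsub(/[().]/, "", m); method = m
        }
        END {
            if (method == "") method = "none"
            # Fallback: a key was offered, yet a different method let the user in.
            fb = (offered && method != "publickey" && method != "none") ? "yes" : "no"
            printf "method=%s tried=%s key_offered=%s key_accepted=%s fallback=%s\n",
                   method, (tried ? tried : "-"), (offered ? "yes" : "no"),
                   (accepted ? "yes" : "no"), fb
        }'
}

# Constructed sample: the server accepts the offered key.
sample_key_ok() {
    cat <<'EOF'
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/user/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
EOF
}

# Constructed sample: the key is offered, not accepted, and password is used.
sample_fallback() {
    cat <<'EOF'
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/user/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
debug1: Authentication succeeded (password).
EOF
}

sample_key_ok   | auth_summary
sample_fallback | auth_summary
```

A `fallback=yes` result matches the behaviour described for the Reflections test in the question: the login works, but through the system password rather than the key.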
Duncan Ball
Occasional Advisor

Re: ssh .. passphrase or password?? Is this working?

Hi Richard,

Using public key authentication rather than standard password login is more secure in that the user's private key is never revealed to the server, so even if the server system is compromised, the attacker will not gain access to the private key. With password authentication, once the attacker has the password file (shadow file, tcb directory tree, whatever) and can run a brute-force cracker over it, the accounts are compromised, and the attacker will be able to try using the passwords gleaned to attack other systems.

I find my major concern with the public key authentication method is that the protection of the private key is at the discretion of the remote user. Normally this key is stored in an encrypted form on the remote user's system, protected by the passphrase (hence the need to enter a passphrase when using this method). However, the server has no control over this - the remote user can choose a non-secure passphrase, or to have no passphrase at all protecting their private key, and the server has no way of knowing this.

Personally I prefer to use the public key method with a good strong passphrase protecting my private key.

Duncan