Whats the difference between password+RSA,
and password-protected RSA ?
mmbsd1982 at yahoo.com
Mon Nov 21 21:19:04 UTC 2011
Let's say I'd like to add a small amount of extra security to my SSH login process.
Let's say I decide the way I want to do this is by requiring BOTH a password and an RSA key. There appear to be patches, or procedures, that allow me to do this. So to log in, I would be required to enter a normal unix password, but I would ALSO be required to hold a proper RSA public key.
My question is this:
In terms of security (and correctness ?) what's the difference between this (unix password + SSH RSA key) and simply generating my RSA key *with* a password ? Both ways require me to "have something" and "know something", but they are obviously different, technically.
Comments on the difference, and relative security of the two methods ?
More information about the freebsd-questions