What's the benefit of using asymmetric keys over passwords?
Solution 1:
Is there a benefit to using keys over regular passwords when it comes to logging into a remote server over SSH? (Besides not having to remember/input that password)
Two simple benefits are:
- Keys are much less guessable. They are generated randomly, so an attacker has to have some access to the key material. This is not true when your password is 'secret'.
- The access granted to the possessor of the key is configurable in the authorized_keys file per man sshd.
Note, however, that having the keys unprotected on disk is LESS secure than having a secure password in your brain. Access to the disk can be gained without your knowledge. I doubt the same is true for your brain. A good approach is a combination of the two: Protect your private key with a secure password.
Solution 2:
If you put a password on that asymmetric key, you can keep using the same password well beyond what your sysadmin has configured for password rotation AND leverage the benefits of two-factor security. Lose that laptop with the key on it? You are not nearly as screwed!
Solution 3:
Yes. If the keypair is compromised -- for example if you lose your laptop with a private key -- you can disable that key on the server and be secure once more.
If you had stored the password on that laptop, you would need to change the password in order to regain a secure system. Now you would also have to change the stored passwords on all your client machines. Much more work :)
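The per-key access control from Solution 1 and the single-key revocation from Solution 3, sketched as an added example that is not part of the original answers: it lists each key in an authorized_keys file with its SHA256 fingerprint and options, then removes one key by fingerprint. The key material, comments, command path and address are constructed, and the key-type check is a simplification of what sshd does.

```python
import base64, hashlib, struct

KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # assumption: simplified key-type check

def unquoted(s, chars):  # indices of `chars` found outside double quotes
    hits, quoted = [], False
    for i, ch in enumerate(s):
        if ch == '"' and (i == 0 or s[i - 1] != "\\"):
            quoted = not quoted
        elif ch in chars and not quoted:
            hits.append(i)
    return hits

def parse_entry(line):
    """Return (options, key_type, blob_b64, comment), or None for non-key lines."""
    line, opts = line.strip(), []
    if not line or line.startswith("#"):
        return None
    if not line.startswith(KEY_PREFIXES):
        end = (unquoted(line, " \t") or [len(line)])[0]  # options end at unquoted space
        cuts = [-1] + unquoted(line[:end], ",") + [end]
        opts = [line[a + 1:b] for a, b in zip(cuts, cuts[1:])]
        line = line[end:]
    fields = line.split(None, 2) + [""]
    return (opts, *fields[:3]) if len(fields) > 2 else None

def fingerprint(blob_b64):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(text):
    """One (fingerprint, comment, options) tuple per key; no options = unrestricted."""
    rows = filter(None, map(parse_entry, text.splitlines()))
    return [(fingerprint(blob), comment, opts) for opts, _, blob, comment in rows]

def revoke(text, fp):
    """Drop every line whose key matches fingerprint fp; keep all other lines."""
    gone = lambda e: e is not None and fingerprint(e[2]) == fp
    return "".join(l + "\n" for l in text.splitlines() if not gone(parse_entry(l)))

def sample_key(seed, comment):  # constructed key material, not a real key
    blob = struct.pack(">I11sI32s", 11, b"ssh-ed25519", 32, bytes([seed]) * 32)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}\n"

OPTS = 'restrict,command="/usr/local/bin/backup.sh --nightly",from="192.0.2.10" '
SAMPLE = sample_key(1, "alice@laptop") + OPTS + sample_key(2, "backup@cron")

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Passing the lost laptop key's fingerprint to `revoke` leaves the restricted backup key in place, which is the selective lockout a shared password cannot give.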