[SOLVED] Help with Ubuntu + MySQL

[Bitsky]

I guess I don't understand the point of authenticating with a key vs a really long complicated password.  Aren't they both effectively the same thing?  And if I authenticated with a key, I would need a keyfile, right?  Which would require that I keep a keyfile on my person whenever I wanted to access the server, whereas right now, I have the password almost memorized (a few more entries should do the trick).

You would generate a private/public key pair and place the public key on the server. The private key (which should be protected with a passphrase) stays on your PC. When you log in, no password will ever be transferred. The more servers you have, the nicer it is. As long as your pubkey is on it, you can log in with your passphrase. I wouldn't want to carry around 2-3 pages of passwords to do my daily work. Just store your private key along with your portable Bitcoin in a Truecrypt container on your usb stick.

[1714856873]

1714856873

[1714856873]

1714856873

[SgtSpike]

I guess I don't understand the point of authenticating with a key vs a really long complicated password.  Aren't they both effectively the same thing?  And if I authenticated with a key, I would need a keyfile, right?  Which would require that I keep a keyfile on my person whenever I wanted to access the server, whereas right now, I have the password almost memorized (a few more entries should do the trick).

You would generate a private/public key pair and place the public key on the server. The private key (which should be protected with a passphrase) stays on your PC. When you log in, no password will ever be transferred. The more servers you have, the nicer it is. As long as your pubkey is on it, you can log in with your passphrase. I wouldn't want to carry around 2-3 pages of passwords to do my daily work. Just store your private key along with your portable Bitcoin in a Truecrypt container on your usb stick.

So it's a bit like having a password protected by a password then?

I don't carry a USB stick with me... nor do I carry pages of passwords with me.  I won't go into details about my methods of saving them here though.

Guess it's just one of those different strokes for different folks thing.  As long as the password isn't transmitted in plaintext for an SSH session, then I don't see why it wouldn't be a perfectly secure way of accessing a server.

[BCEmporium]

Actually his method is one password, after one password and then one password.  

Pass#1: To open your truecrypt container
Pass#2: PK password.
Pass#3: Your remote login. (optional, as the key pair can perform auth on their own, but you might want to su to other account)

Because he is a "security guy", probably he is using one of those password managers/generators. Which means that if you get his PC and manage to get and brutteforce his "password manager" along with his PK, you get all in one place to enter on every place he can. Surplus! Because there's no way he can remember (in the braincells) the user/pass combos he has in his password manager, you can just delete its database to lock the owner outside of his own property.
(Isn't paranoia b-e-a-u-t-i-f-u-l or what?)

[SgtSpike]

Actually his method is one password, after one password and then one password.  

Pass#1: To open your truecrypt container
Pass#2: PK password.
Pass#3: Your remote login. (optional, as the key pair can perform auth on their own, but you might want to su to other account)

Because he is a "security guy", probably he is using one of those password managers/generators. Which means that if you get his PC and manage to get and brutteforce his "password manager" along with his PK, you get all in one place to enter on every place he can. Surplus! Because there's no way he can remember (in the braincells) the user/pass combos he has in his password manager, you can just delete its database to lock the owner outside of his own property.
(Isn't paranoia b-e-a-u-t-i-f-u-l or what?)

Lol, I think I'm gonna have to side with you on this one.    I do appreciate having both of your opinions on the matter though.

[Bitsky]

@BCEmporium
You really think I'll go down to that level of yours now? You win, you're the greatest. If that gets you off, I'm glad I could help. 

[BCEmporium]

Believe that "paranoia" and general impractical "security" isn't security, at the best it counts as a nag, isn't "going down" anywhere.

Engineering is all about allocate the appropriate means and measures to a specific desirable end. NO MORE NO LESS! You don't see airplanes made of paper nor planes made of steel.