简体繁体 English

为什么自动脚本首选公用密钥身份验证？

[英]Why public key authentication is preferred for automated scripts?

原文 2010-03-25 18:25:16 2 3 security/ authentication/ ssh

I found the following claim in the documentation for Net::OpenSSH : 我在Net :: OpenSSH的文档中发现了以下要求：

Note that using password authentication in automated scripts is a very bad idea. 请注意，在自动脚本中使用密码身份验证是一个非常糟糕的主意。 When possible, you should use public key authentication instead. 如果可能，您应该改用公共密钥身份验证。

What's flawed in using password authentication in automated scripts? 在自动脚本中使用密码身份验证有何缺陷？

3 个解决方案

Passwords are easier to guess/brute force than private keys (unless you are running Debian ;) 密码比私钥更容易猜测/强行使用（除非您正在运行Debian；）

Imagine you have a user account which runs 120 different automated scripts. 假设您有一个运行120个不同自动脚本的用户帐户。 If you hardcode password into each of them you now have 120 places to change it. 如果您将密码硬编码到每个密码中，则现在有120个地方可以更改它。

If you place the password into a config file and have all 120 scripts read it from the file sooner or later somebody will accidentally make that file world readable. 如果将密码放入配置文件中，并且所有120个脚本迟早都会从该文件中读取密码，则有人会不小心使该文件世界可读。 ssh won't work when the private key is not 600. 当私钥不是600时，ssh将不起作用。

Somebody can decide to change user's password without thinking about the possibility of it being hardcoded in some script. 有人可以决定更改用户密码，而无需考虑在某些脚本中将其硬编码的可能性。 You are more likely to stop and think before changing the private key. 更改私钥之前，您更有可能停下来思考。

Probably because with password authentication, you have to hard code the password itself into the script or at least into some sort of configuration file. 可能是因为使用密码身份验证，您必须将密码本身硬编码到脚本中，或至少编码到某种配置文件中。 It's never a good idea to hard code your plain ssh password i think :) 硬编码我认为的普通ssh密码绝不是一个好主意:)

Public key authentication should always be preferred for any remote resource. 对于任何远程资源，始终应该首选公钥身份验证。 It is statistically impossible to guess the challenge response and can thwart MITM attacks. 从统计上讲，不可能猜出挑战响应并可能阻止MITM攻击。 Although this does not rule out the possibility of the attacker being extremely lucky. 尽管这并不排除攻击者非常幸运的可能性。

If the attacker can read files on the remote system, the password or the private key must be in plain text and there for can be read. 如果攻击者可以读取远程系统上的文件，则密码或私钥必须为纯文本格式，并且可以读取。 Asymmetric cryptography isn't a magic wand that solves all problems. 非对称密码学并不是解决所有问题的魔杖。

One possibility for this warning in the docs is that if you use a password and the script isn't checking the sshd's public key then a MITM attack could obtain the clear text password. 在文档中此警告的一种可能是，如果您使用密码并且脚本未检查sshd的公钥，则MITM攻击可以获得明文密码。 You should be checking the remote servers authentication by hard-coding the public key. 您应该通过对公共密钥进行硬编码来检查远程服务器的身份验证。 The ssh command on the cli does this automatically and will throw a warning if a server's key changes. cli上的ssh命令会自动执行此操作，如果服务器的密钥发生更改，则会发出警告。 If you aren't checking the authentication credentials of the remote server and you are using public key authentication then an attacker can only MITM that session because the attacker will not be able to obtain the client's private key to re-auth. 如果您不检查远程服务器的身份验证凭据，而是在使用公用密钥身份验证，则攻击者只能对该会话进行MITM，因为攻击者将无法获取客户端的私钥来进行重新身份验证。