Doesn't that have all the problems of password auth, but with one extra step, wi... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

ori_b on July 25, 2015 | parent | context | favorite | on: The OpenSSH Bug That Wasn't

Doesn't that have all the problems of password auth, but with one extra step, with it's own failure modes, in between?

semi-extrinsic on July 25, 2015 [–]

I don't think so. A single server sitting behind an advanced firewall/IDS/IPS system and managed by competent IT staff is a much harder target than a multitude of servers I manage myself.

Also note that it's not really an extra step, you put in a ProxyCommand in your .ssh/config file.

Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact