Authentication in the Cloud

posted: November 4th, 2010

During my n00b days I thought ssh-keys were the bees knees; they seemed more ‘advanced’ than passwords because you had a file placed in a hidden (.) directory and the file had this gobble-dee-goop in it that somehow allowed me to get into my linux boxes securely.

Back then it was even cooler to use linux ‘cause all my colleagues were stoked about Windows NT 4.0, which then was a newcomer to the whole multi-user scene andwasn’t very stable nor secure. I eventually started to use a passphrase for my ssh-key as I figured out if someone hacked my Windows 95 PC that putty-agent would to all to keen to hand out my beloved ssh-key without a passphrase, and even with a passphrase if they got deep enough.

I now use two-factor authentication in my cloud based services. I am yet undecided as to whether it is actually more secure since my servers are running on a system on which I don’t have any physical control of the system or network.

I am holding out for Cohesive FT to bring out a t1.micro version of their VPN-Cubed appliance so that I don’t have to add another $35 per month just for a network concentrator.

One of my reservations is that I like to have a consistent authentication mechanism (ie: 2fa) for interactive authentication and it wouldn’t suit the use case of the VPN-Cubed appliance. Therefore the weakest link from a security persepective would be the VPN-Cubed appliance and ultimately would it then even be worth using 2fa if access to a critical system could be gained without 2fa authentication?