Security Basics mailing list archives
Re: Is SSH worth it??
From: Richard Caley <rjc () interactive co uk>
Date: Mon, 21 Oct 2002 11:15:35 +0100 (BST)
I don't think so - ssh-agent is useful on your actual workstation, when you have to do regular logins - it caches the passphrase without the need to save it in a file somewhere. As you probably won't be doing multiple root logins from a single ssh-session, the usefulness is almost zero.
Consider a setup where you run an ssh-agent for root at boot time, and have a suitably trusted person load in some keys. From now on root processes can use ssh to communicate with other machines who decide to trust those keys. The advantage is that the key is not available (unencrypted) in a file anywhere. This prevents someone rebooting the machine single-user and reading the key. Of course, it is only as secure as (a) root access to that machine and (b) ssh-agent and it's ability to hide the key, but the first is true of almost anything and the second at least limits your exposure to one program which is hopefully maintained by people who think about security issues. Personally, I wouldn't allow automated root operations from other machines by any method. Too much room for small errors and typoes to leave you wide open. -- Mail me as MYFIRSTNAME () MYLASTNAME org uk _O_ |<
Current thread:
- Re: Is SSH worth it?? David Corking (Oct 15)
- <Possible follow-ups>
- RE: Is SSH worth it?? Graham, Randy (RAW) (Oct 15)
- Re: Is SSH worth it?? Johan De Meersman (Oct 15)
- Re: Is SSH worth it?? David Corking (Oct 17)
- Re: Is SSH worth it?? Johan De Meersman (Oct 18)
- Re: Is SSH worth it?? David Corking (Oct 21)
- Re: Is SSH worth it?? Richard Caley (Oct 21)
- Re: Is SSH worth it?? David Corking (Oct 17)
- Re: Is SSH worth it?? David Corking (Oct 16)
- RE: Is SSH worth it?? Chris Santerre (Oct 16)
- Re: Is SSH worth it?? Devdas Bhagat (Oct 17)
- Re: Is SSH worth it?? David Corking (Oct 17)
- Re: Is SSH worth it?? Johan De Meersman (Oct 17)
- Re: Is SSH worth it?? Chris Berry (Oct 16)
- RE: Is SSH worth it?? Mark Stunnenberg (Oct 17)
- Re: Is SSH worth it?? Johan De Meersman (Oct 17)
- RE: Is SSH worth it?? Chris Berry (Oct 17)