Security Basics mailing list archives
Re: SSH Passphrase
From: "Janus N." Tøndering <janus () bananus dk>
Date: 07 Mar 2003 11:51:03 +0100
If you use a password-protected keyfile you need to have ssh-agent running to do password-less logins. You can let ssh-agent span over several sessions by setting the SSH_AUTH_SOCK environment variable to the same as the session where you ran ssh-agent.

If you do not use passphrases you can only protect the key using basic file permissions.

Under all circumstances you have to trust root on the machine where you store your key. root can always get the key, and if you password-protect it but use ssh-agent he can do the same SSH_AUTH_SOCK trick and bypass the needed password.

Also, the box could be cracked, and assuming the cracker has root he will have access to the scp system with no trouble at all.

Janus

On Wed, 2003-03-05 at 22:06, Stefan Lesicnik wrote:
> Hi,
>
> I'm fairly new to private and public key encryption, so don't quite understand all the concepts.
>
> I have the need to scp a file to a remote server without specifying the password as it is done from a non-interactive script. I have accomplished this by generating a dsa key without a passphrase. Although this works I am worried about the security concerns of doing this? (Without a passphrase, how does it authenticate? Based on the machine's dsa key which was made from machine-specific entropy?)
>
> I know of programs such as ssh-agent, but these require you to enter a passphrase at the beginning of the session which it then remembers; this isn't possible as it is non-interactive in my case.
>
> Does anyone have any ideas or comments?
>
> TIA
> Stefan Lesicnik
-- Janus N. Tøndering <janus () bananus dk>
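
An added example, not part of the original post and not OpenSSH's own code: a small audit that reports whether a private key file relies on file permissions alone, which is the case the reply describes for keys without a passphrase. The function names and the sample key texts are constructed for illustration and contain no real key material.

```python
import base64, os, stat, struct, tempfile

MAGIC = b"openssh-key-v1\0"  # header of the newer OpenSSH private key format

def key_is_encrypted(text):
    """Return True if the private key text is passphrase-protected."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN ") or "PRIVATE KEY" not in lines[0]:
        raise ValueError("not a PEM-style private key")
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8, encrypted
        return True
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        off = len(MAGIC)
        (n,) = struct.unpack(">I", blob[off:off + 4])  # length of ciphername
        return blob[off + 4:off + 4 + n] != b"none"
    # Legacy PEM (DSA/RSA): encrypted keys carry a Proc-Type header line.
    return any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines[1:4])

def audit_key(path):
    """List the weaknesses of one private key file (empty list = none found)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"mode {mode:04o} lets group/other access the key")
    with open(path) as f:
        if not key_is_encrypted(f.read()):
            findings.append("no passphrase: file permissions are the only protection")
    return findings

def openssh_sample(cipher):
    # Constructed header only (magic + ciphername), not a usable key.
    blob = MAGIC + struct.pack(">I", len(cipher)) + cipher
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(blob).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

# Constructed legacy-format samples; the body "AAAA" is a placeholder.
LEGACY_PLAIN = "-----BEGIN DSA PRIVATE KEY-----\nAAAA\n-----END DSA PRIVATE KEY-----\n"
LEGACY_ENC = ("-----BEGIN DSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
              "DEK-Info: DES-EDE3-CBC,0000000000000000\n\nAAAA\n"
              "-----END DSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "id_dsa")
        with open(path, "w") as f:
            f.write(LEGACY_PLAIN)
        os.chmod(path, 0o644)
        for finding in audit_key(path):
            print(f"{path}: {finding}")
```

A clean result only covers the key at rest; as the reply notes, root on the machine can still read the file or reuse a running agent's SSH_AUTH_SOCK.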