Author: Leo Date: To: Hampshire LUG Discussion List Subject: Re: [Hampshire] SSH
On 08/03/10 22:30, Andy Smith wrote: > Hi Leo,
>
> On Mon, Mar 08, 2010 at 10:14:43PM +0000, Leo wrote:
>> My understanding was that a client could have a private key. Its public
>> key could then be put on the server it wanted to ssh into. I thought the
>> passphrase was to encrypt the private key on the client machine and so
>> prevent it being discovered if the machine was e.g. stolen. My thinking
>> was therefore that if the disk on which the private key is saved was
>> encrypted, the private key would still be reasonably secure even if it
>> wasn't protected by a passphrase. Is my understanding flawed/completely
>> wrong?
>
> You're right that a passphrase on an ssh private key protects the
> key if someone gets hold of the file, but it would not be safe to
> say that encrypting your disk prevents people from getting hold of
> your files.
>
> However, a bug or exploit in the software that you're running could
> lead to remote compromise of your machine while it's running and
> while apps have access to its files. That would then give the
> attacker access to everywhere that your (passphrase-less) SSH key
> has access. Similarly if someone got access to your computer while
> it was still running. A rather more likely risk is simply human
> error - you or another administrator exposing your own private key
> file by accident.
>
> (note also that root on a machine can read the ssh-agent secrets of
> any user on that machine, so people with passphrased ssh keys do
> still expose themselves when running ssh-agent and especially when
> forwarding it to remote hosts that may not be as well secured)
>
> Cheers,
> Andy
>
>
