On 08/02/16 21:02, Hugo Osvaldo Barrera wrote:
> On Tue, Aug 2, 2016, at 22:01, Nick Holland wrote:
>> On 08/02/16 01:48, Remi Locherer wrote:
...
>> > It still makes sense to encrypt your ssh keys. Think of a bug in a
>> > browser that allows a server to read your files.
>>
>> right.
>>
>> Disk Encryption protects your key and other data when your computer is
>> OFF. And only when it is off. When your computer is active and the
>> file systems available, any attacker that manages to get into your
>> system through any means can see whatever they have access to. If
>> they grab your no-passphrase key, they now have your key. If they
>> grab your passphrased key...they got a jumble of funny characters.
>>
>> Nick.
>>
>
> Doesn't the fact that ssh-agent is running somehow make the keys
> accessible anyway? Or am I making misassumptions on how it works?
ssh-agent provides a way to USE keys, not expose keys. Remember, this is
public key cryptography, which has some nifty abilities to avoid exposing
private keys while still using them.

A key without a passphrase is protected by nothing other than file
permissions. Anything /you/ run, or that runs as you, has the ability to
read your private key. ANYTHING. Your browser. Your mail client. That
obfuscated code block your friend just showed you. Your backup system.
Everyone else with doas access on your system.

From the man page:

  "The agent will never send a private key over its request channel.
  Instead, operations that require a private key will be performed by
  the agent, and the result will be returned to the requester. This
  way, private keys are not exposed to clients using the agent."

so ... there's no way to query the agent and get a passphrase-free
private key. Instead, things wishing to use the agent pose a query
(based on the public key) that can only be answered by something holding
the private key.

Now, I suspect (nb: I am not a cryptographer or SSH coder. But I sat at
a table with one once, and was completely in awe) the key has to be held
in unlocked form in RAM, so perhaps a very serious breach that allowed
the raw access of system RAM might produce it...but would also produce a
lot of other nifty things, and by that point, your system is so
completely compromised, not much is trustworthy anymore.

Nick.
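The man page quote above describes a property of the agent's request channel: a client can ask which public keys the agent holds, or ask it to sign some bytes with one of them, and nothing else. The script below is an added illustration (not Nick's code and not part of OpenSSH) that speaks that wire protocol directly, using the standard message numbers (11 REQUEST_IDENTITIES, 12 IDENTITIES_ANSWER, 13 SIGN_REQUEST, 14 SIGN_RESPONSE, 5 FAILURE). It assumes an agent reachable as a Unix socket at `SSH_AUTH_SOCK`; when that is unset it only exercises the encoder and parser on a constructed sample answer embedded in the file (the 32 bytes of 0x01 are not a real key).

```python
"""Speak the ssh-agent wire protocol: list identities and request a signature.

The request channel offers "which public keys do you hold?" and "sign this
data with key X". There is no message that returns private key material,
which is the property the man page quote describes.
"""
import os
import socket
import struct

# Message numbers from the ssh-agent protocol (draft-miller-ssh-agent).
SSH_AGENT_FAILURE = 5
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12
SSH_AGENTC_SIGN_REQUEST = 13
SSH_AGENT_SIGN_RESPONSE = 14


def ssh_string(data: bytes) -> bytes:
    """Encode an SSH 'string': big-endian uint32 length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def read_string(buf: bytes, off: int):
    """Decode an SSH 'string' at offset; return (bytes, new offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    return buf[off:off + n], off + n


def frame(msg: bytes) -> bytes:
    """Messages on the agent socket are length-prefixed like SSH strings."""
    return ssh_string(msg)


def build_request_identities() -> bytes:
    return frame(bytes([SSH_AGENTC_REQUEST_IDENTITIES]))


def parse_identities_answer(msg: bytes):
    """Return [(public key blob, comment)]; the answer carries no private parts."""
    if msg[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise ValueError("unexpected message type %d" % msg[0])
    (count,) = struct.unpack_from(">I", msg, 1)
    off, keys = 5, []
    for _ in range(count):
        blob, off = read_string(msg, off)
        comment, off = read_string(msg, off)
        keys.append((blob, comment.decode("utf-8", "replace")))
    return keys


def key_type(blob: bytes) -> str:
    """The first string of a key (or signature) blob names the algorithm."""
    return read_string(blob, 0)[0].decode()


def build_sign_request(pubkey_blob: bytes, data: bytes, flags: int = 0) -> bytes:
    """Ask the agent to sign data with the key identified by its public blob."""
    body = (bytes([SSH_AGENTC_SIGN_REQUEST]) + ssh_string(pubkey_blob)
            + ssh_string(data) + struct.pack(">I", flags))
    return frame(body)


def parse_sign_response(msg: bytes):
    """Return the signature blob, or None if the agent refused (SSH_AGENT_FAILURE)."""
    if msg[0] == SSH_AGENT_FAILURE:
        return None
    if msg[0] != SSH_AGENT_SIGN_RESPONSE:
        raise ValueError("unexpected message type %d" % msg[0])
    return read_string(msg, 1)[0]


def _recv_exact(s, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = s.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("agent closed the connection")
        buf += chunk
    return buf


def agent_call(sock_path: str, request: bytes) -> bytes:
    """Send one framed request to the agent socket; return the unframed reply."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(sock_path)
        s.sendall(request)
        (n,) = struct.unpack(">I", _recv_exact(s, 4))
        return _recv_exact(s, n)


# Constructed sample answer (one fake ed25519 public key) so the parser can be
# exercised without a running agent; the 0x01 bytes are not a real key.
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(b"\x01" * 32)
SAMPLE_IDENTITIES_ANSWER = (bytes([SSH_AGENT_IDENTITIES_ANSWER]) + struct.pack(">I", 1)
                            + ssh_string(SAMPLE_BLOB) + ssh_string(b"constructed@example"))


if __name__ == "__main__":
    for blob, comment in parse_identities_answer(SAMPLE_IDENTITIES_ANSWER):
        print("sample:", key_type(blob), comment)
    sock = os.environ.get("SSH_AUTH_SOCK")  # assumption: a Unix-socket agent
    if sock:
        keys = parse_identities_answer(agent_call(sock, build_request_identities()))
        for blob, comment in keys:
            print("agent holds:", key_type(blob), comment)  # public halves only
        if keys:
            reply = agent_call(sock, build_sign_request(keys[0][0], b"constructed data"))
            sig = parse_sign_response(reply)
            print("signature type:", key_type(sig) if sig else "agent refused")
```

Everything the client ever receives is a public key blob, a comment, or a signature; the private key stays behind the socket, which is why a process that can talk to the agent can use your key while it is loaded but cannot copy it out the way it could `cat` an unencrypted key file.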