On Thu, Nov 28, 2013 at 10:27 AM, Georgi Guninski <[email protected]> wrote: > On Thu, Nov 28, 2013 at 07:48:24AM -0800, William Stein wrote: >> On Nov 28, 2013 4:36 AM, "Volker Braun" <[email protected]> wrote: >> > >> > It would be just as easy for a compromised cloud ssh to download your >> personal private key than to log your password. >> >> I always protect my ssh keys by passphrase protecting them, so just >> downloading the private key does not trivially give access. Instead the >> attacker would have to setup some sort of logger to get the passphrase, >> which is harder. I also sometimes use ssh-agent. >> > > sorry, this doesn't make sense at all. > ssh(1) uses your private key, so it knows it. > please don't spread disinformation and don't
Ugh. If you properly passphrase protect your private key then somebody who *copies* the private key file ~/.ssh/id_rsa gains nothing. I did not claim anything other than this, and I am not spreading disinformation. I should have added the word "file" emphasized in my post above: "just downloading the private key [file!] does not...". I thought it was so obvious that if you log into a remote linux machine and somebody else has also logged into the same machine as the same user, then anything you do is not secure. I thought it would go without saying. I'm sorry if there is any confusion. -- William > suggest __cloud.__ to login to [email protected]. > > 10x. > > > -- > You received this message because you are subscribed to the Google Groups > "sage-support" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at http://groups.google.com/group/sage-support. > For more options, visit https://groups.google.com/groups/opt_out. -- William Stein Professor of Mathematics University of Washington http://wstein.org -- You received this message because you are subscribed to the Google Groups "sage-support" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/sage-support. For more options, visit https://groups.google.com/groups/opt_out.
