On Thu, Nov 28, 2013 at 10:45 AM, William Stein <[email protected]> wrote: > On Thu, Nov 28, 2013 at 10:27 AM, Georgi Guninski <[email protected]> > wrote: >> On Thu, Nov 28, 2013 at 07:48:24AM -0800, William Stein wrote: >>> On Nov 28, 2013 4:36 AM, "Volker Braun" <[email protected]> wrote: >>> > >>> > It would be just as easy for a compromised cloud ssh to download your >>> personal private key than to log your password. >>> >>> I always protect my ssh keys by passphrase protecting them, so just >>> downloading the private key does not trivially give access. Instead the >>> attacker would have to setup some sort of logger to get the passphrase, >>> which is harder. I also sometimes use ssh-agent. >>> >> >> sorry, this doesn't make sense at all. >> ssh(1) uses your private key, so it knows it. >> please don't spread disinformation and don't > > Ugh. If you properly passphrase protect your private key then > somebody who *copies* the private key file ~/.ssh/id_rsa gains > nothing. I did not claim anything other than this, and I am not > spreading disinformation. > I should have added the word "file" emphasized in my post above: "just > downloading the private key [file!] does not...". > I thought it was so obvious that if you log into a remote linux > machine and somebody else has also logged into the same machine as the > same user, then anything you do is not secure. I thought it would go > without saying. I'm sorry if there is any confusion. > > -- William
Anyway, the discussion above about "Easiest way to use cloud.sagemath in a terminal?" is just an answer to that question -- I'm not trying to spread disinformation. Fortunately, directly ssh'ing into a machine that is 100% compromised is unlikely to directly result in a compromise of the client [1], which is a good argument for me to add direct ssh access to cloud.sagemath, when I have the time to do so. [1] http://serverfault.com/questions/510154/if-using-public-keys-only-an-ssh-client-logs-into-or-is-already-logged-into > > -- > William Stein > Professor of Mathematics > University of Washington > http://wstein.org -- William Stein Professor of Mathematics University of Washington http://wstein.org"; -- You received this message because you are subscribed to the Google Groups "sage-support" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/sage-support. For more options, visit https://groups.google.com/groups/opt_out.
