-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 1) You should encourage (or force) users to use encrypted private keys always 2) You should encourage users to put private-encrypted keys only where they need them (usually not on servers but on the machines they use the keyboard of only or a USB stick that plugs into that machine). 3) You should encourage users to use the ssh-agent mechanism to migrate machine to machine (rather than having keys all over the place)
If the hacker captured the keystrokes to decrypt the key then he could/would have captured keystrokes for a password just as easily. If the practices above are abided by then the odds of compromise go down significantly. Rhys Morris wrote: > The disadvantage of ssh keys was made clear to us recently when a > machine in a different University was root compromised. The attackers > stole all the ssh keys they could find, and briefly obtained access to > my systems via the account of a former student. > > Should you allow ssh key access from machines you have no control over? > > Something to ponder, > > Rhys > > On Thu, 2 Oct 2008, Robert E. Blair wrote: > > Another alternative is to turn off password authentication and allow > only public key. This way the brute forcers can guess all they want and > never get lucky. If you need a "card" you can always put your encrypted > private key / public key pair on a thumb drive which is a very low cost > option that fits on your keychain. I believe this approach is > reasonably platform independent (but I don't us windows so I do not > speak with authority on this). > > Cheers, > Bob Blair > > > Brett Viren wrote: >>>> Faye Gibbins <[EMAIL PROTECTED]> writes: >>>> >>>>> Dr Andrew C Aitchison wrote: >>>>> >>>>>> ssh-agent means that although the ssh keys aren't stored on disk >>>>>> they *are* held in memory much of the time. Given that many laptops >>>>>> are suspended and rarely rebooted, do you have a way of ensuring >>>>>> that the machine regularly reconfirms the user's identity ? >>>>>> >>>>> Kerberosized ssh. >>>> >>>> Another, somewhat arcane, option is to use OpenPGP smart cards along >>>> with GnuPG's gpg-agent. The keys remain on the card and the card does >>>> the PGP authentication. Take the card out of the reader and no >>>> subsequent authentication can be done. >>>> >>>> I've evaluated this method and it does work but requires some amount >>>> of effort to set up. As far as I know there is only one supplier[1]. >>>> I also don't expect it to work on non-Linux platforms. But, besides >>>> all these negatives, it is a nice solution that also gives the user >>>> the usual benefits of PGP. >>>> >>>> >>>> -Brett. >>>> >>>> [1] http://www.g10code.com/p-card.html > >> - -- Robert E. Blair, Room E277, Building 362 Argonne National Laboratory (High Energy Physics Division) 9700 South Cass Avenue, Argonne, IL 60439, USA Phone: (630)-252-7545 FAX: (630)-252-5782 GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFI5QK3OMIGC6x7/XQRAnsCAJ91O/dfMuVMWjQ1vCbHpnYvsY8QrgCgq24a T2/t7oX21TlI+RJ7sX5NvzA= =crXd -----END PGP SIGNATURE-----
begin:vcard fn:Robert Blair n:Blair;Robert org:Argonne National Laboratory;High Energy Physics Division adr:;;Room E277, Building 362, 9700 South Cass Avenue;Argonne;IL;60439;USA email;internet:[EMAIL PROTECTED] title:Physicist tel;work:(630)-252-7545 tel;fax:(630)-252-5782 tel;home:(630)-495-3936 note;quoted-printable:Public GnuPG key available at: http://www.hep.anl.gov/reb/key.asc=0D=0A= x-mozilla-html:FALSE url:http://www.hep.anl.gov/reb version:2.1 end:vcard
