Joe Casadonte <[EMAIL PROTECTED]> writes:

> I've read everything I can find on how to get tramp to connect via ssh/scp
> from an NT box, and they all, without fail, say that you have to set it up
> so that you're not prompted for a password (i.e. via ssh-agent or keys).
> To me, this is an unacceptable security risk.

Actually, the case can easily be made that using ssh-agent with
ssh is more secure than authenticating using UNIX passwords.

ssh-agent is just that -- an agent.  You must first provide your
passphrase for your private key (/not/ your UNIX password!) to
the agent and the agent can then /cryptographically/ authenticate
you.  The agent will only do this authentication as long as it is
active and has your keys.

If you are concerned about security, remember that the keys are
there only as long as you want them there.  If you need to step
away from your computer, you can remove the keys with
`ssh-add -D' and add them back later by re-authenticating to the
agent.

(For the hyper-secure, you should also quit any emacs
sessions in which you have run tramp, kill off the ssh-agent
process, and write over any memory used by these processes to
erase any traces of your passphrase or decrypted key.  Also, you
may want to turn off the machine and unplug it completely just to
be sure.)

You may want to read further on ssh-agent.

    By using the ssh-agent, I can have the convenience of
    unencrypted SSH RSA keys (so I don't have to type a password
    each time), without it being as vulnerable. The ssh-agent
    will provide access to the key to child processes, and if
    using FDs, it is fairly difficult even for root to get
    unauthorized access to the agent.

       -- http://security.sdsc.edu/help/ssh/agent.shtml

It all comes down to your own policy -- what risks are you
willing to live with?  If you think that ssh-agent is not secure
enough for your needs, then you may want to also rethink your
policy of using VNC since that leaves a live connection open to a
remote machine that any program on your local machine could
hijack.

>  Is there anyone, anywhere, using any port of any version of
> ssh or scp that has gotten tramp to work without requiring
> non-interactive security?  Hopefully there is and I've just not
> found it.

Patches do exist, but I don't know where they are.

I think that as you read up on the security of ssh, you will find
that ssh-agent does not lessen your security in any appreciable way.

Mark.

-- 
                      ommnes exeunt in mysterium
                     All Things Lead into Mystery
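The agent lifecycle described above (the passphrase unlocks the private key into the agent, the agent authenticates on your behalf while it holds the key, and `ssh-add -D` discards the key again), as an added shell example that is not part of this thread. It assumes the OpenSSH client tools (ssh-keygen, ssh-agent, ssh-add) are installed; the key and passphrase are constructed throwaways, and the SSH_ASKPASS helper exists only to feed the passphrase non-interactively.

```shell
#!/bin/sh
# Walks through the ssh-agent lifecycle: a fresh agent holds nothing, a key is
# added by proving the passphrase, the agent then lists it, and `ssh-add -D`
# removes it again without stopping the agent. Assumes OpenSSH is installed.
set -eu

agent_demo() {
    tmp=$(mktemp -d)
    # Constructed throwaway key protected by a (weak, demo-only) passphrase.
    ssh-keygen -q -t ed25519 -N 'demo-passphrase' -C 'demo' -f "$tmp/id_demo"

    # Start a private agent; `ssh-agent -s` prints shell commands that export
    # SSH_AUTH_SOCK and SSH_AGENT_PID, which child processes inherit.
    eval "$(ssh-agent -s)" >/dev/null

    # A fresh agent has no identities (`ssh-add -l` exits non-zero then).
    ssh-add -l >/dev/null 2>&1 && { echo "unexpected identities"; return 1; }

    # Feed the passphrase through SSH_ASKPASS so the demo runs unattended;
    # interactively you would simply type it. -t 60 gives the key a lifetime.
    askpass="$tmp/askpass.sh"
    printf '#!/bin/sh\necho demo-passphrase\n' > "$askpass"
    chmod 700 "$askpass"
    SSH_ASKPASS="$askpass" SSH_ASKPASS_REQUIRE=force DISPLAY=:0 \
        ssh-add -t 60 "$tmp/id_demo" </dev/null >/dev/null 2>&1

    # The agent now holds the decrypted key and can authenticate for us.
    ssh-add -l | grep -q 'ED25519' || { echo "key not loaded"; return 1; }

    # Stepping away: drop every identity; the agent keeps running but is useless
    # to anyone who reaches its socket until you re-authenticate to it.
    ssh-add -D >/dev/null 2>&1
    ssh-add -l >/dev/null 2>&1 && { echo "keys survived -D"; return 1; }

    ssh-agent -k >/dev/null   # stop the agent via SSH_AGENT_PID
    rm -rf "$tmp"
    return 0
}
```

Run `agent_demo` in a shell; it exits 0 when every step behaved as the post describes.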
