Dear Anthony,

Thanks for taking the time to read my opinion. Clarification of the "Sandboxing" concept is appreciated and you are absolutely right about the "user space" vulnerability of ssh keys, one of the reasons I (mostly except for rsync) cling to the use of passwords to get between systems.

I like and understand the concept you are considering with ~/.config/systemd/user/; there is a certain "MACish" flavor to it.

Finally, just because you brought it up, I am going to place the NORAD Nuclear Missile Launch Codes in a tiddlywiki, where they will doubtless be safe.

Mosh (https://en.wikipedia.org/wiki/Mosh_%28software%29) could be the future. It is an interesting security model. I am beginning to fear the future...

I gotta go get Pizza...

Regards,


Flint

On Mon, 28 Mar 2016, Anthony Carrico wrote:

Date: Mon, 28 Mar 2016 12:57:27 -0400
From: Anthony Carrico <[email protected]>
Reply-To: Vermont Area Group of Unix Enthusiasts <[email protected]>
To: [email protected]
Subject: Re: An opinion on ssh included in Linux_adult_swim Meeting today,
    March 27th at 5 PM at Hedding United Methodsist, 40 Washington Street...

On 03/28/2016 10:54 AM, Paul Flint wrote:

I would ask them both if this enhancement of the cryptography is really necessary in low to medium criticality situations. Breaking into a public-private key cryptographic session is non-trivial enough that I feel Anthony's apologetic tone in not using pass-phrases unnecessary, that is, unless he has started work on Nuclear Missile Launch codes...

Just to be clear, the issue I was trying to address has nothing to do
with ssh itself, but rather the fact that every program you run (with
your user id) can easily grab your ssh keys, or use your (running) ssh
agent. This is what I meant when I referred to 'sandboxing', or rather
the lack thereof in the usual unix userspaces. This has nothing to do
with the crypto itself. The traditional model is, "just go ahead and
give all my permissions to every program I run."

Jonathan: I have my reservations about address space randomization, but
I think I've voiced them here in the past.

Also, speaking of ssh:

1. Does everyone know about mosh?
2. Does everyone know the joy of using ~/.config/systemd/user/ to start
and stop ssh-agent (and also tiddlywiki for that matter)?

--
Anthony Carrico




Kindest Regards,



☮ Paul Flint
(802) 479-2360 Home
(802) 595-9365 Cell

/************************************
Based upon email reliability concerns,
please send an acknowledgement in response to this note.

Paul Flint
17 Averill Street
Barre, VT
05641
