Yo! Stan Bubrouski wrote: > On 2/2/07, Tyop? <[EMAIL PROTECTED]> wrote: >> key-based login without passphrase is like eating cheese without >> bred. useless (IMHO). >> > > Totally, if someone compromises the machine and gets root they get all > your keys and without a passphrase... yeah no good.
If someone comprimises the machine and gets root your keys are very likely to be compromised any way. Root can easilly trojan your or ssh/ssh-agent and retrieve the keys. Same goes for passwords (although they have to be picked one at a time). Realistically, it is a pain to have all different passwords for all the different boxes. You can remember maybe something like 25 or so passwords if they are complex (if you do better then i'm happy for you) so you could propably use that if you are managing that kind of number of different boxes (or sets of similar boxes, if you use the same password in some cases). Also, with passwords you have to type them in when you log in to other machines, so it's possible to lose the password if any host in the chain is compromised - which is not the case for key auth and agent forwarding. For key auth and agent forwarding, the issue is that your keys could be used (not read) while your agent is forwarded. Now, I presume that I can keep my computer from being compromised. If i can't do that, I am fucked anyway. I keep the keys in my computer. Next, I create two sets of private keys, one that I use for user accounts "gateway hosts" (to get to the machines not directly accessible) that I ssh-add to my ssh-agent and allow anyone to use. The second key is used for accounts that I can get root with and I add them with ssh-add -c so that I would be alerted every time their usage is requested (SSH_ASKPASS). I forward the agent only to those gateway hosts. The alert box pops up on my screen with default "Confirm" button selected so I have to do an extra enter keypress for each logon. You could require some sort of easy password be typed to the confirmation box, so that some clever hacker couldn't monitor a remote session of yours and make his login attempt exacly when you are about to press enter anyway. I think it's pretty solid and also comfortable, what do you think? Siim Põder _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/