> Okay fair enough, but what if the local machine (not the git server
> machine) is compromised? Wouldn't that mean that now my server is
> vulnerable because the attacker has the private key?
No, the local key is encrypted with the passphrase, and running
ssh-agent doesn't give you the private key, just things encrypted with
the private key:
"The agent will never send a private key over its request channel.
Instead, operations that require a private key will be performed
by the agent, and the result will be returned to the requester.
This way, private keys are not exposed to clients using the
agent."
I think the private key is only used to set up the secure channel, not
to actually encrypt the data itself. I think the raw data is
encrypted with a simple block cipher.
Of course, if the agent is still running, it can be used to access
anything the user has access to. However, killing the agent revokes
that access, unlike a compromised password. Normally, the agent only
runs on the user's local machine, not any of the machines he/she ssh's
to.
> Of course, they would need to know the pass phrase assuming there is
> one (I've never created a public/private key without a pass phrase).
I've used passphrase-less keys occasionally, like when I need to have
two servers talking to each other. You'd still need to use
tcp_wrappers or the equivalent for stuff like that, though.
> If the remote machine is compromised, I doubt they will care about a
> password on some local account. Please tell me people aren't using
> the same password everywhere.
One would hope, but one would be mistaken. *I* certainly don't use
the same password for more than one remote site at a time, and remote
passwords are always different than local passwords. But all my local
passwords are the same.
_______________________________________________
geda-dev mailing list
[email protected]
http://www.seul.org/cgi-bin/mailman/listinfo/geda-dev
