--- "Zieg, Mark" <[EMAIL PROTECTED]> wrote:
> > Password-protected keys help protect them against
> > theft. I would encourage everyone to use such keys.
> > Or did I misunderstand your post?
>
> Are you talking about ssh-agent, or passphrase-based ssh keys, or an
> external layer of encryption on the keyfiles, or what? Please be specific.

I previously posted saying that SSH keys should be password-protected and that if they were, one can run ssh-agent so that one needn't type in the password each time, or type in the password for each use.

> ssh-agent, for instance, would be a bit more secure, as long as you're
> sitting down at the console of one SSH-equipped workstation, and don't mind
> taking a minute to systematically start up ssh-agent connections to each host
> with which you plan to communicate during that session.

In the past, I had set up my system to start up ssh-agent upon first login. It wasn't such a big deal.

> My biggest problem with any of these approaches, besides the inconvenience,
> is they eliminate the opportunity for secure, automated batch processes.

I don't see how. So long as there's an already-running ssh-agent, a batch process can use it. True, if the machine were rebooted, there'd be no automated way to recover, but hey, that's the price for more security.

> I have various cron jobs that fire off automatically, connect to different
> servers, do reports/extracts/whatever, and so on. For that, AFAIK, you need
> to store your keys in the filesystem.

AFAIK, the keys need to be stored on the filesystem in any SSH setup. If you meant that the keys can't be password-protected, like I said, just have ssh-agent running in the background (then have your cron job 'ps' to get the ssh-agent PID).

> Correct me if I'm wrong, but as long as your private key is chmod 600, the
> only way it will be compromised is if your local workstation gets rooted.

Maybe. One question I've had in the past is whether keys should be backed up or not. If they are, there's now at least one copy of them. I believe this increases the chances (even minutely) of them falling into the wrong hands. In the end, if you haven't done a complete security audit of the entire backup procedures, you can't trust them to be secure.

> If that happens, ssh-agent itself can be quickly trojaned with a compromised
> copy that collects passwords.

This is one reason why I'd like trusted OSes (e.g., no one user, including root, is all-powerful) to take off faster, but that's another topic.

> Likewise, if you're just using passphrase-encrypted keys, ssh and cvs themselves
> are both compromised on a rooted box...so what's the difference? Or am I
> missing something?

If you're assuming that the only compromise possible for keys is a root compromise then you are correct. How sure are you that that's the only compromise?

> Thanks...this is more interesting than listening in on pserver discussions
> :-)

I agree :-)

Noel

_______________________________________________
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs
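
The cron-job arrangement discussed in the reply above, as an added example that is not part of the original thread: a POSIX shell wrapper that attaches a batch job to an already-running ssh-agent and refuses to run if the agent is gone (for example after a reboot). It assumes the `ssh-agent -s` output was saved to a file at login, which stands in for the `ps` lookup the post mentions; the file path, the `AGENT_ENV` variable and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. AGENT_ENV is a hypothetical file written once at login:
#   ssh-agent -s > "$HOME/.ssh/agent.env" && chmod 600 "$HOME/.ssh/agent.env"

# Print the value of variable $2 from ssh-agent's "-s" output in file $1.
# The file is parsed, never sourced, so its contents cannot run commands.
agent_var() {
    sed -n "s/^$2=\([^;]*\);.*/\1/p" "$1" | head -n 1
}

# Return codes: 0 usable, 1 file missing, 2 unsafe owner or mode,
# 3 malformed file, 4 agent socket or process is gone.
load_agent_env() {
    env_file=$1
    [ -f "$env_file" ] || return 1
    # The file must be ours and not writable by group or others.
    [ -O "$env_file" ] || return 2
    [ -z "$(find "$env_file" -prune \( -perm -020 -o -perm -002 \) -print)" ] || return 2

    sock=$(agent_var "$env_file" SSH_AUTH_SOCK)
    pid=$(agent_var "$env_file" SSH_AGENT_PID)
    case $pid in ''|*[!0-9]*) return 3 ;; esac
    [ -n "$sock" ] || return 3

    # Stale after a reboot or agent exit: fail instead of prompting.
    [ -S "$sock" ] && kill -0 "$pid" 2>/dev/null || return 4

    SSH_AUTH_SOCK=$sock; SSH_AGENT_PID=$pid
    export SSH_AUTH_SOCK SSH_AGENT_PID
}

# Cron entry point: run the given command only if the agent is reachable.
# Hypothetical crontab use:  run_with_agent ssh -o BatchMode=yes host report
run_with_agent() {
    load_agent_env "${AGENT_ENV:-$HOME/.ssh/agent.env}" || {
        rc=$?
        echo "ssh-agent unavailable (code $rc); not running: $*" >&2
        return "$rc"
    }
    "$@"
}
```
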