On Wed, 31 Aug 2005, Colin Corr wrote:
On Wed, 2005-08-31 at 08:53 -0700, Sebastian Smith wrote:
On Tue, 30 Aug 2005, Colin Corr wrote:
On Tue, 2005-08-30 at 20:06 -0700, Ben Johnson wrote:
On Tue, Aug 30, 2005 at 05:55:50PM -0700, Brian Chrisman wrote:
Ben Johnson wrote:
Hey.
I had a question during the ssh talk given a while ago. (2-3 months?)
Something like... "what's the alternative to a password-less ssh key
for automating multi-host maintenance?" It never quite got answered.
The issue is coming up for me again today. :) What do I do?
Do you mean 'passphrase-less'?
You can use the ssh agent stuff to hold yer decrypted ssh keys in
memory, and provide them as necessary for authentication... that way you
only have to put in yer pass phrase once per session (which, I think,
can be defined multiple ways).
word... phrase... one has spaces in it... ;)
I'm familiar with ssh-agent. somewhat anyway. I typically login at a
virtual terminal, run 'exec ssh-agent bash' then 'exec startx'. this
little bit of experience leads me to believe I have a couple problems:
- using ssh-agent doesn't free me from having to enter a passphrase,
which is problematic as I can't be sure that I'll available when the
system reboots.
- I'm wanting to run these scripts that do that connecting from cron
jobs. I thought ssh-agent can only be used by children of ssh-agent.
isn't that right? would I have to run crond as a child of ssh-agent?
- is it possible to start an ssh-agent process on a server then let it
run unattended and without leaving it attached to some tty?
The only problem I have with a passphrase-less ssh key is the chance
that someone will crack the machine, get a hold of the key and use it to
crack into more machines. The security issue is why I only create them
on well protected machines. I think I prefer this problem/risk to what
I understand, so far, is the alternative.
- Ben
You can even script logins for automating maintenance tasks on multiple
hosts...
In what way is this more secure than passphrase-less logins? And, why use
this technique over passphrase-less logins? This comes back to my
arguement about user interaction -- it's the "security" layer of PKC. If
you remove the user interaction you may as well remove the passphrase, as
your level of confidence should be the same.
- Sebastian
passphrase-less = public/private key authentication without an
interactive passphrase (correct?)
Correct, a key pair without an interactive passphrase.
Realistically, this is not an issue of cryptography, as we obviously
have a good level of confidence in that part, or we wouldn't be using
RSA based keys with SSH.. right? This is an issue of: how confident are
you in your security of your private keys? Or more directly, are we all
confident that we can secure the box that holds our private keys?
I guess we're partially dicussing security of the individual key for
authentication, and partially system security. When the discussion began
there was a statement that went something like "you should never make a
key without a passphrase" to which "why?" was asked in response. My
response to this is that it renders PKC useless insofar as you should have
no confidence in your key -- in effect "breaking" the system, as it is
based upon confidence. The only way you can instill confidence in your
passphrase-less key is through alternate forms of security (system
security, etc).
This is my $0.01 -- my exchange rate is pretty bad right now.
- Sebastian
_______________________________________________
RLUG mailing list
[email protected]
http://lists.rlug.org/mailman/listinfo/rlug
