Re: sending through a remote MTA with ssh
On Thu, Feb 16, 2006 at 12:17:21PM -0500, Derek Martin wrote:
> On Thu, Feb 16, 2006 at 09:06:48AM +0000, Chris Green wrote:
> > I use it from a work computer which is secure enough for me to simply
> > set up secure keys and allow passwordless login without using
> > ssh_agent. Since I stay logged on to my work computer all day using
> > ssh_agent would add nothing in the way of security.
>
> Presumably by "set up secure keys and allow passwordless login without
> using ssh_agent" you mean you've created keys with no passphrase.
>
Yes, sorry, that's the one. It's a while since I did it so I'd
forgotten the details... and I did read all about the security
risks.
> In practical terms, what you say is probably true; but there is a
> difference. Anyone who could access your computer (either physically,
> or remotely through some exploit) could easily make a copy of your
> key, which is not encrypted. While an unencrypted copy of your key is
> available in your agent, the "attacker" would require a greater level
> of sophistication to get your key out of the process's memory than
> would be required to copy the file...
>
If they can get access to my home directories on the computers at work
there are *far* more interesting things to steal than the unencrypted
ssh keys there! This is why I decided it was 'safe enough'.
> In environments that require a high degree of security, using
> unencrypted keys (keys with no passphrase) is unwise. Even if you use
> ssh-agent (and hence an unencrypted copy of your key is lying around
> in memory), the extra security you get from using passphrases is
> small, but probably worthwhile. In such environments though, better
> still to not use ssh-agent...
>
Yes, if security is a serious issue then unencrypted keys, whether in
memory or in a file, are probably not a 'good thing'.
> Of course, a compromise of the key you use to access your e-mail
> system is probably not the end of the world, unless it does a whole
> lot more than just send and receive your e-mail...
>
You have hit the nail well on the head there.
--
Chris Green (chris@xxxxxxxxxxx)
"Never ascribe to malice that which can be explained by incompetence."
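An added example, not from the thread: the practical check this discussion calls for is knowing which private keys on a box are stored in the clear. The parser below reads the ciphername/kdfname fields of the OpenSSH key format (or the Proc-Type header of a legacy PEM key) to tell a passphrase-protected key from an unencrypted one; the sample key headers are constructed and contain no key material, and `ssh-keygen -p` is assumed as the remediation.

```python
import base64
import os
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"


def _read_string(buf, off):
    """Read one SSH wire-format string (uint32 length prefix) from buf."""
    (n,) = struct.unpack(">I", buf[off:off + 4])
    return buf[off + 4:off + 4 + n], off + 4 + n


def is_passphrase_protected(pem_text):
    """True if the private key needs a passphrase, False if it is stored in the clear.
    OpenSSH native format: the header carries ciphername and kdfname, both "none" when
    no passphrase was set. Legacy PEM (BEGIN RSA/DSA/EC PRIVATE KEY): an encrypted key
    carries a "Proc-Type: 4,ENCRYPTED" header line."""
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        body = base64.b64decode("".join(lines[1:-1]))
        if not body.startswith(OPENSSH_MAGIC):
            raise ValueError("not an openssh-key-v1 blob")
        cipher, off = _read_string(body, len(OPENSSH_MAGIC))
        kdf, _ = _read_string(body, off)
        return cipher != b"none" and kdf != b"none"
    return any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines)


def unprotected_keys(ssh_dir):
    """Return paths of private keys under ssh_dir (e.g. ~/.ssh) that have no passphrase.
    Remediation for each hit (assumed): ssh-keygen -p -f <path> to add one in place."""
    hits = []
    for entry in os.scandir(ssh_dir):
        if not entry.is_file() or entry.name.endswith(".pub"):
            continue
        with open(entry.path, "r", errors="replace") as fh:
            text = fh.read()
        if text.startswith("-----BEGIN") and not is_passphrase_protected(text):
            hits.append(entry.path)
    return hits


def _constructed_openssh_key(cipher, kdf):
    """Constructed openssh-key-v1 header only (ciphername, kdfname, kdfoptions, nkeys)."""
    blob = OPENSSH_MAGIC
    for s in (cipher, kdf, b""):
        blob += struct.pack(">I", len(s)) + s
    blob += struct.pack(">I", 1)
    b64 = base64.b64encode(blob).decode()
    return "-----BEGIN OPENSSH PRIVATE KEY-----\n" + b64 + "\n-----END OPENSSH PRIVATE KEY-----\n"


# Constructed samples: what ssh-keygen writes without and with a passphrase (headers only).
UNENCRYPTED_KEY = _constructed_openssh_key(b"none", b"none")
ENCRYPTED_KEY = _constructed_openssh_key(b"aes256-ctr", b"bcrypt")
```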