
Re: sending through a remote MTA with ssh



On Thu, Feb 16, 2006 at 09:23:56AM -0800, Jason Helfman wrote:
> 
> On Thu, Feb 16, 2006 at 12:17:21PM -0500, Derek Martin thus spake:
> >On Thu, Feb 16, 2006 at 09:06:48AM +0000, Chris Green wrote:
> >>I use it from a work computer which is secure enough for me to simply
> >>set up secure keys and allow passwordless login without using
> >>ssh_agent.  Since I stay logged on to my work computer all day using
> >>ssh_agent would add nothing in the way of security.
> >
> >Presumably by "set up secure keys and allow passwordless login without
> >using ssh_agent" you mean you've created keys with no passphrase.
> >
> >In practical terms, what you say is probably true; but there is a
> >difference.  Anyone who could access your computer (either physically,
> >or remotely through some exploit) could easily make a copy of your
> >key, which is not encrypted.  While an unencrypted copy of your key is
> >available in your agent, the "attacker" would require a greater level
> >of sophistication to get your key out of the process's memory than
> >would be required to copy the file...
> >
> >In environments that require a high degree of security, using
> >unencrypted keys (keys with no passphrase) is unwise.  Even if you use
> >ssh-agent (and hence an unencrypted copy of your key is lying around
> >in memory), the extra security you get from using passphrases is
> >small, but probably worthwhile.  In such environments though, better
> >still to not use ssh-agent...
> >
> >Of course, a compromise of the key you use to access your e-mail
> >system is probably not the end of the world, unless it does a whole
> >lot more than just send and receive your e-mail...
> >
> This is one of the most humorous threads ever. Downright ridiculous, 
> actually.
> 
What are you on about?!  :-)


> Yes it is possible, I'm sure, however I don't know if this has already been 
> said, but this does pose a "best practice" issue of use of the Internet.
> 
> I believe that this is not a good way to use email, and I beg for this 
> thread not to be posted on the Internet. People might think this is 
> actually a good idea.
> 
> If you don't want email, change your header to be from an email dump 
> account.  Just cause you can't manage your spam, don't blame everyone else. 
> The Internet has become a money making entity, just like the good ole US of 
> A.  Get used to it.

I think you have got a weird idea of how I read my mail!  It has
nothing whatsoever to do with managing spam.

I simply connect to the system where I read my mail (with mutt) using
ssh.  It has lots of advantages, the main one is that I can read my
mail from anywhere without any issues of where messages are stored
etc., they are always in the same place.

-- 
Chris Green (chris@xxxxxxxxxxx)

    "Never ascribe to malice that which can be explained by incompetence."
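
An added example, not part of the original messages: a check for the distinction discussed in the thread, reporting which private key files are stored with no passphrase. The function names and the sample key texts are constructed for illustration; the samples contain only the header fields the check reads and no real key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"  # magic at the start of the current OpenSSH container

def openssh_cipher(blob: bytes) -> str:
    """Return the cipher name field that follows the magic ("none" = no passphrase)."""
    if not blob.startswith(MAGIC):
        raise ValueError("not an openssh-key-v1 container")
    (length,) = struct.unpack_from(">I", blob, len(MAGIC))
    start = len(MAGIC) + 4
    return blob[start:start + length].decode("ascii")

def key_is_encrypted(text: str) -> bool:
    """True if the private key file content is passphrase-protected."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    header = lines[0]
    if header == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8, encrypted
        return True
    if header == "-----BEGIN OPENSSH PRIVATE KEY-----":
        body = "".join(ln for ln in lines[1:] if not ln.startswith("-----"))
        return openssh_cipher(base64.b64decode(body)) != "none"
    if header.startswith("-----BEGIN ") and header.endswith("PRIVATE KEY-----"):
        # Legacy PEM (RSA/DSA/EC): encrypted files carry "Proc-Type: 4,ENCRYPTED"
        return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines)
    raise ValueError("unrecognised private key format")

def sample_openssh(cipher: bytes) -> str:
    """Constructed container with only the fields read above; not a usable key."""
    blob = base64.b64encode(MAGIC + struct.pack(">I", len(cipher)) + cipher).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{blob}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed sample inputs (placeholders, no real key material).
SAMPLES = {
    "id_new_plain": sample_openssh(b"none"),
    "id_new_protected": sample_openssh(b"aes256-ctr"),
    "id_rsa_plain": "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n",
    "id_rsa_protected": ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                         "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\n"
                         "AAAA\n-----END RSA PRIVATE KEY-----\n"),
}

def unprotected(files: dict) -> list:
    """Names of key files that anyone able to read them could copy and use directly."""
    return sorted(name for name, text in files.items() if not key_is_encrypted(text))

if __name__ == "__main__":
    print(unprotected(SAMPLES))
```

To audit real files, pass a dict mapping each path to its text content in place of SAMPLES.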