Re: sending through a remote MTA with ssh
On Thu, Feb 16, 2006 at 09:23:56AM -0800, Jason Helfman wrote:
>
> On Thu, Feb 16, 2006 at 12:17:21PM -0500, Derek Martin thus spake:
> >On Thu, Feb 16, 2006 at 09:06:48AM +0000, Chris Green wrote:
> >>I use it from a work computer which is secure enough for me to simply
> >>set up secure keys and allow passwordless login without using
> >>ssh_agent. Since I stay logged on to my work computer all day using
> >>ssh_agent would add nothing in the way of security.
> >
> >Presumably by "set up secure keys and allow passwordless login without
> >using ssh_agent" you mean you've created keys with no passphrase.
> >
> >In practical terms, what you say is probably true; but there is a
> >difference. Anyone who could access your computer (either physically,
> >or remotely through some exploit) could easily make a copy of your
> >key, which is not encrypted. While an unencrypted copy of your key is
> >available in your agent, the "attacker" would require a greater level
> >of sophistication to get your key out of the process's memory than
> >would be required to copy the file...
> >
> >In environments that require a high degree of security, using
> >unencrypted keys (keys with no passphrase) is unwise. Even if you use
> >ssh-agent (and hence an unencrypted copy of your key is laying around
> >in memory), the extra security you get from using passphrases is
> >small, but probably worthwhile. In such environments though, better
> >still to not use ssh-agent...
> >
> >Of course, a compromise of the key you use to access your e-mail
> >system is probably not the end of the world, unless it does a whole
> >lot more than just send and receive your e-mail...
> >
> This is one of the most humorous threads ever. Downright ridiculous,
> actually.
>
What are you on about?! :-)

> Yes it is possible, I'm sure, however I don't know if this has already been
> said, but this does pose a "best practice" issue of use of the Internet.
>
> I believe that this is not a good way to use email, and I beg for this
> thread not to be posted on the Internet. People might think this is
> actually a good idea.
>
> If you don't want email, change your header to be from an email dump
> account. Just cause you can't manage your spam, don't blame everyone else.
> The Internet has become a money making entity, just like the good ole US of
> A. Get used to it.

I think you have got a weird idea of how I read my mail! It has
nothing whatsoever to do with managing spam.
I simply connect to the system where I read my mail (with mutt) using
ssh. It has lots of advantages, the main one is that I can read my
mail from anywhere without any issues of where messages are stored
etc., they are always in the same place.
--
Chris Green (chris@xxxxxxxxxxx)
"Never ascribe to malice that which can be explained by incompetence."
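
Added example, not part of the original thread: the distinction discussed above (a key file with no passphrase versus one encrypted at rest) can be checked from the file itself. This Python sketch classifies a private key file by its header; the function names and the sample inputs are constructed for illustration and contain no real key material.

```python
import base64, re, struct, sys
from pathlib import Path

MAGIC = b"openssh-key-v1\x00"  # header of the current OpenSSH private key format

def key_protection(text):
    """Classify private-key file text as 'encrypted', 'unencrypted' or 'unknown'."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    m = re.fullmatch(r"-----BEGIN ([A-Z0-9 ]+)-----", lines[0]) if lines else None
    if not m or not m.group(1).endswith("PRIVATE KEY"):
        return "unknown"                      # public key, certificate, junk
    label = m.group(1)
    if label == "ENCRYPTED PRIVATE KEY":      # PKCS#8 encrypted container
        return "encrypted"
    if label == "OPENSSH PRIVATE KEY":
        try:
            blob = base64.b64decode("".join(lines[1:-1]), validate=True)
            if not blob.startswith(MAGIC):
                return "unknown"
            # The first length-prefixed string after the magic is the cipher name.
            (n,) = struct.unpack_from(">I", blob, len(MAGIC))
            cipher = blob[len(MAGIC) + 4 : len(MAGIC) + 4 + n]
        except (ValueError, struct.error):    # bad base64 or truncated header
            return "unknown"
        if n == 0 or len(cipher) != n:
            return "unknown"
        return "unencrypted" if cipher == b"none" else "encrypted"
    # Legacy PEM (RSA/DSA/EC): encryption is announced in a Proc-Type header.
    if any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines[1:4]):
        return "encrypted"
    return "unencrypted"

def sample_openssh_header(cipher, kdf):
    """Constructed test input: header fields only, no key material."""
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = MAGIC + s(cipher) + s(kdf) + s(b"") + struct.pack(">I", 1)
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n"
            + base64.b64encode(blob).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

if __name__ == "__main__":
    # Usage: python check_keys.py ~/.ssh/id_*   (file names are the caller's)
    for name in sys.argv[1:]:
        print(name, key_protection(Path(name).read_text(errors="replace")))
```

A result of "encrypted" says only that the file is passphrase-protected on disk; it says nothing about whether a decrypted copy is currently held by an agent.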