
Re: sending through a remote MTA with ssh



On Thu, Feb 16, 2006 at 06:56:20PM +0000, Chris Green wrote:
> > Presumably by "set up secure keys and allow passwordless login without
> > using ssh_agent" you mean you've created keys with no passphrase.
>  
> Yes, sorry, that's the one.  It's a while since I did it so I'd
> forgotten the details.  .... and I did read all about the security
> risks.

No doubt, but there are potentially lots of other eyes (the original
poster, for example) reading this thread who are probably not aware of
the risks... ;-)

> If they can get access to my home directories on the computers at work
> there are *far* more interesting things to steal than the unencrypted
> ssh keys there!  This is why I decided it was 'safe enough'.

Of course, it depends on what the attacker's goal is...  Some people
break into systems just to learn how to do it, and don't care about
the data on those systems, except where it helps them gain access to
other systems...

> > Of course, a compromise of the key you use to access your e-mail
> > system is probably not the end of the world, unless it does a whole
> > lot more than just send and receive your e-mail...
> > 
> You have hit the nail well on the head there.

:)

Your original message might be construed by some as saying that creating keys
with no passphrase really poses very little risk.  I wanted to make it
clear that in general, that's not the case, even if it happens to be
true in your case.  Managing security is entirely about managing
risk, so whether or not it's acceptable to live with that risk depends
entirely on the specific case.  For many, the security of their ssh
keys might be the only layer of protection they have, and therefore
using a passphrase is much more important.

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail.  Sorry for the inconvenience.  Thank the spammers.
