<<< Date Index >>>     <<< Thread Index >>>

Re: sending through a remote MTA with ssh



This is the one of the most humorous threads ever. Down right ridiculous, actually.

Yes it is possible, I'm sure, however I don't know if this has already been said, but this does pose a "best practice" issue of use of the Internet.

I believe that this is not a good way to use email, and I beg for this thread not to be posted on the Internet. People might think this is actually a good idea.

If you don't want email, change your header to be from a email dump account. Just cause you can't manage your spam, don't blame everyone else. The Internet has become a money making entity, just like the good ole US of A. Get used to it.

On Thu, Feb 16, 2006 at 12:17:21PM -0500, Derek Martin thus spake:
On Thu, Feb 16, 2006 at 09:06:48AM +0000, Chris Green wrote:
I use it from a work computer which is secure enough for me to simply
set up secure keys and allow passwordless login without using
ssh_agent.  Since I stay logged on to my work computer all day using
ssh_agent would add nothing in the way of security.

Presumably by "set up secure keys and allow passwordless login without
using ssh_agent" you mean you've created keys with no passphrase.

In practical terms, what you say is probably true; but there is a
difference.  Anyone who could access your computer (either physically,
or reomotely through some exploit) could easily make a copy of your
key, which is not encrypted.  While an unencrypted copy of your key is
available in your agent, the "attacker" would require a greater level
of sophistication to get your key out of the process's memory than
would be required to copy the file...

In environments that require a high degree of security, using
unencrypted keys (keys with no passphrase) is unwise.  Even if you use
ssh-agent (and hence an unencrypted copy of your key is laying around
in memory), the extra security you get from using passphrases is
small, but probably worthwhile.  In such environments though, better
still to not use ssh-agent...

Of course, a compromise of the key you use to access your e-mail
system is probably not the end of the world, unless it does a whole
lot more than just send and receive your e-mail...

--
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail.  Sorry for the inconvenience.  Thank the spammers.