RE: Palm to FreeBSD using ssh

From: Mark Senior (Mark.Senior_at_gov.ab.ca)
Date: 08/29/05

  • Next message: Timothy Luoma: "Re: Palm to FreeBSD using ssh"
    Date: Mon, 29 Aug 2005 09:49:15 -0600
    To: "Timothy Luoma" <lists@tntluoma.com>
    
    

    The correct answer is probably "it depends". There are a couple of risk
    factors that spring to mind. I've probably left some things out, but
    maybe this would give you a place to start.

    - malicious servers - how frequently will you connect to unknown ssh
    servers? The more often you do this, the more you should tend to use
    the more thoroughly tested software (but as you say, maybe the makers of
    tussh just less humble).

    - client theft - how likely is the device that stores your private keys
    to be stolen (or lost)? The more likely this is, the more you should
    tend to use encrypted keys. In the case of a portable device, I would
    weigh theft as by far the highest risk.

    - client compromise - how likely is the device that stores you private
    keys to be compromised? A Windows worm can compromise a Unix box, if
    the Windows box stores unencrypted ssh keys for the Unix box.
    Encrypting keys provide some defence in depth against this.

    Regards
    Mark

    > -----Original Message-----
    > From: Timothy Luoma [mailto:lists@tntluoma.com]
    > Sent: August 28, 2005 19:16
    > To: secureshell@securityfocus.com
    > Subject: Palm to FreeBSD using ssh
    >
    >
    > On occasion I need to make an ssh connection to my FreeBSD
    > machine (OpenSSH).
    >
    > I have been using pssh (http://sealiesoftware.com/pssh/) but
    > it goes out of its way to say that it is "probably" not
    > secure. I have tried
    > (today) TuSSH (http://www.tussh.com/) which seems more secure
    > but I don't know if it IS more secure of if it just isn't as
    > verbose about not being secure.
    >
    > They both appear to have support for keys, but TuSSH FAQ says:
    >
    > Q) When I go to "Import Private Key", I see my memo,
    > entitled "Private Key", in the list.
    > When I select it, then click the "Import" button, the
    > Palm performs a soft reset or crashes.
    >
    > A) TuSSH doesn't support encrypted keys yet
    >
    > I don't know what TuSSH *does* really support (normally I
    > login with the id_dsa, but trying to import id_dsa.pub into
    > TuSSH didn't work.
    >
    >
    > So I copied my 'id_dsa' to my Treo, and imported it into pssh.
    >
    > I can now connect to the FreeBSD machine using my Private Key
    > and Passphrase.
    >
    > What I am trying to figure out is whether I should use TuSSH without
    > the Private Key or pssh with the Private Key. Which is more
    > secure?
    > Or is the answer "neither"?
    >
    > TjL
    >
    >
    >

    This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail.

    This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail.


  • Next message: Timothy Luoma: "Re: Palm to FreeBSD using ssh"

    Relevant Pages

    • Re: Q: Practical issues of symmetric vs. asymmetric encryption
      ... generating the CA's own keys used for signing). ... for customer key generation don't let the CA see the private key ... private key encrypted in the middle of it. ... It can also subvert the CA at any time, ...
      (sci.crypt)
    • Re: Q: Practical issues of symmetric vs. asymmetric encryption
      ... generating the CA's own keys used for signing). ... for customer key generation don't let the CA see the private key ... private key encrypted in the middle of it. ... It is probably easier for a government to subvert a CA than to ...
      (sci.crypt)
    • Re: File Encryption
      ... You can check some of the options including Microsoft. ... Even the decryption tools need the keys. ... The certificate is stored in a file with a .cer extension, ... and the certificate and private key are stored in a password-protected ...
      (microsoft.public.windowsxp.security_admin)
    • Re: Hunde raus
      ... Wenn die Public Keys ordentlich verifiziert sind, ... müssten sich Fakeposter nämlich erstmal in den Besitz von Private Key ... Prev by Date: ... Next by Date: ...
      (de.rec.tiere.hunde)
    • Re: Can I move the private key from one server to another?
      ... >>Is there any way to transport the old private key from the old machine to ... Then I restart sshd on the new machine, ... > that it will use the copied keys. ... In an environment with hundreds of users changing it, ...
      (comp.security.ssh)