Re: Palm to FreeBSD using ssh

From: Timothy Luoma (lists_at_tntluoma.com)
Date: 08/29/05

  • Next message: Mark Senior: "RE: Palm to FreeBSD using ssh"
    Date: Mon, 29 Aug 2005 13:39:11 -0400
    To: Mark Senior <Mark.Senior@gov.ab.ca>
    
    

    On Aug 29, 2005, at 11:49 AM, Mark Senior wrote:

    > The correct answer is probably "it depends". There are a couple of
    > risk
    > factors that spring to mind. I've probably left some things out, but
    > maybe this would give you a place to start.
    >
    > - malicious servers - how frequently will you connect to unknown ssh
    > servers? The more often you do this, the more you should tend to use
    > the more thoroughly tested software (but as you say, maybe the
    > makers of
    > tussh just less humble).

    Almost never. I connect to the same 2 servers all the time, a 3rd
    one less often. Other than that, I just don't.

    > - client theft - how likely is the device that stores your private
    > keys
    > to be stolen (or lost)? The more likely this is, the more you should
    > tend to use encrypted keys. In the case of a portable device, I would
    > weigh theft as by far the highest risk.

    The key is a "DSA Private Key" which I assumed was safe.

    > - client compromise - how likely is the device that stores you
    > private keys to be compromised? A Windows worm can compromise a
    > Unix box, if the Windows box stores unencrypted ssh keys for the
    > Unix box. Encrypting keys provide some defence in depth against this.

    The client machine in question is a Mac. I don't store anything of
    value on a Windows machine.

    TjL


  • Next message: Mark Senior: "RE: Palm to FreeBSD using ssh"

    Relevant Pages

    • Re: Enterprose Manager after user password change
      ... XP client machines with a non-Domain account. ... > registered servers when the user's network password is changed. ... Saving the keys and restoring ... > password should be written to the registry. ...
      (microsoft.public.sqlserver.security)
    • graceful ssh key management
      ... How do I have multiple ssh keys not overwrite each other, ... I have a computer that is a client to a number of different servers. ...
      (SSH)
    • OpenSSH 3.0.1p1 Solaris 2.5 - 8.0 Nightmares occuring
      ... I am having some really bad problems trying to upgrade our servers to ... having all kinds of issues with the keys. ... PS Am purchasing O'reilly's SSH book today, hopefully, it will ...
      (comp.security.ssh)
    • ssh
      ... Whenever I remotely administer any of my servers from my Windows machine, I have an annoying problem with a few keys not working. ... Since the servers accept these keys locally, I'm thinking it has something to do with Windows not sending them over the ssh connection, but due to the fact I'm not a Windows person, I really don't know. ...
      (microsoft.public.windowsxp.network_web)
    • Re: courier imap keys and self-signed ca signing
      ... >> a program to generate keys but not csr's, i'm not sure how to get keys from ... > signed CA from OpenSSL and use it to sign a single cert for all your ... > servers. ... I'm not sure http browsers are aware of that field, ...
      (freebsd-questions)