Re: ssh : password against keys

From: Bill Unruh (unruh_at_string.physics.ubc.ca)
Date: 12/26/04


Date: 26 Dec 2004 00:32:06 GMT

Gabriel <cy_rainchapeau26@yahoo.fr> writes:

>Greetings,

>I'm asking myself if I'm going to use keys instead of passwords to
>access my Linux box through ssh.
>If I have understood things correctly, I just drop the private key on my
>client, the public key on the server and, voila, I can log to my server
>without typing any password.

Yes.

>The problem is the following: my client is a Windows box, a laptop in
>fact. If someone manages to get into my Windows box, he is able to grab
>the key and log in to my server from his own machine?

In general yes. It is possible to protect the private key file with a
password (well, at least under Linux it is and I would assume that under
one of the Windows implementations it is as well) so that each time you log
on you have to type in the local password to decrypt the local private part
of the public key. Many find this inconvenient -- i.e. equivalent to just
using password logon with the remote machine. Some implementations of ssh
keep a copy of the password protecting the private key file in memory so
you need enter it only once at the beginning of the sessions. That has its
own advantages and disadvantages.

>Now, on the other hand, if I do not use keys, he has to install some
>keylogger in order to capture my password when I type it (I did not
>store the password in putty).

Once he has such access to your machine that he can install a keylogger you
are dead in the water anyway. He can then read your private key file and
record the password you use to protect it anyway.
ssh is NOT secure against your own machine being compromised.

>Seems to me that even if the password flies "through the wire", it is
>more secure.

No. It is neither more nor less secure against your machine itself being
compromised.

>This is no troll, I'm just wondering whether it is actually worth the
>hassle to install rsa keys on my server :)

I do not, some do.
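
An added example, not part of the original post: a Python check that reports whether a private key file on a client is protected by a password, as the reply above describes, or is stored in the clear. It goes beyond the post by covering three on-disk formats (legacy PEM, the OpenSSH `openssh-key-v1` container, and PuTTY `.ppk`); the function names and the sample keys are constructed for illustration and contain no real key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"

def _ssh_string(buf, off):
    """Read one SSH wire string (uint32 big-endian length, then bytes)."""
    if off + 4 > len(buf):
        raise ValueError("truncated")
    end = off + 4 + struct.unpack(">I", buf[off:off + 4])[0]
    if end > len(buf):
        raise ValueError("truncated")
    return buf[off + 4:end]

def key_protection(text):
    """Classify private-key file text as 'encrypted', 'plaintext' or 'unknown'."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    head = lines[0] if lines else ""
    if head.startswith("PuTTY-User-Key-File-"):
        # PuTTY .ppk: an "Encryption:" header line names the cipher.
        for ln in lines[1:4]:
            if ln.startswith("Encryption:"):
                return "plaintext" if ln.split(":", 1)[1].strip() == "none" else "encrypted"
        return "unknown"
    if head == "-----BEGIN OPENSSH PRIVATE KEY-----":
        try:
            blob = base64.b64decode("".join(ln for ln in lines if not ln.startswith("-----")))
            if not blob.startswith(MAGIC):
                return "unknown"
            cipher = _ssh_string(blob, len(MAGIC))  # first field after the magic
        except ValueError:  # bad base64 or truncated blob
            return "unknown"
        return "plaintext" if cipher == b"none" else "encrypted"
    if head == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
        return "encrypted"  # PKCS#8 encrypted container
    if head.startswith("-----BEGIN ") and head.endswith("PRIVATE KEY-----"):
        # Legacy PEM: passphrase protection is flagged by a Proc-Type header.
        return "encrypted" if any(ln.startswith("Proc-Type: 4,ENCRYPTED") for ln in lines) else "plaintext"
    return "unknown"

def sample_openssh(cipher, kdf):
    """Constructed sample: header fields only, no real key material."""
    body = MAGIC + b"".join(struct.pack(">I", len(f)) + f for f in (cipher, kdf))
    b64 = base64.b64encode(body).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

if __name__ == "__main__":
    print(key_protection(sample_openssh(b"none", b"none")))          # plaintext
    print(key_protection(sample_openssh(b"aes256-ctr", b"bcrypt")))  # encrypted
    print(key_protection("PuTTY-User-Key-File-2: ssh-rsa\nEncryption: none\n"))  # plaintext
```

A "plaintext" result means anyone who can read the file can use the key as-is; "encrypted" only says a password is required to use the file, not that the password is strong.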


