 
| Subject: | |
| From: | |
| Reply To: | Robert E. Blair |
| Date: | Thu, 2 Oct 2008 12:19:52 -0500 |
| Content-Type: | multipart/mixed |
| Parts/Attachments: |
|
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
1) You should encourage (or force) users to use encrypted private keys
always
2) You should encourage users to put private-encrypted keys only where
they need them (usually not on servers but on the machines they use the
keyboard of only or a USB stick that plugs into that machine).
3) You should encourage users to use the ssh-agent mechanism to migrate
machine to machine (rather than having keys all over the place)
If the hacker captured the keystrokes to decrypt the key then he
could/would have captured keystrokes for a password just as easily. If
the practices above are abided by then the odds of compromise go down
significantly.
Rhys Morris wrote:
> The disadvantage of ssh keys was made clear to us recently when a
> machine in a different University was root compromised. The attackers
> stole all the ssh keys they could find, and briefly obtained access to
> my systems via the account of a former student.
>
> Should you allow ssh key access from machines you have no control over?
>
> Something to ponder,
>
> Rhys
>
> On Thu, 2 Oct 2008, Robert E. Blair wrote:
>
> Another alternative is to turn off password authentication and allow
> only public key. This way the brute forcers can guess all they want and
> never get lucky. If you need a "card" you can always put your encrypted
> private key / public key pair on a thumb drive which is a very low cost
> option that fits on your keychain. I believe this approach is
> reasonably platform independent (but I don't us windows so I do not
> speak with authority on this).
>
> Cheers,
> Bob Blair
>
>
> Brett Viren wrote:
>>>> Faye Gibbins <[log in to unmask]> writes:
>>>>
>>>>> Dr Andrew C Aitchison wrote:
>>>>>
>>>>>> ssh-agent means that although the ssh keys aren't stored on disk
>>>>>> they *are* held in memory much of the time. Given that many laptops
>>>>>> are suspended and rarely rebooted, do you have a way of ensuring
>>>>>> that the machine regularly reconfirms the user's identity ?
>>>>>>
>>>>> Kerberosized ssh.
>>>>
>>>> Another, somewhat arcane, option is to use OpenPGP smart cards along
>>>> with GnuPG's gpg-agent. The keys remain on the card and the card does
>>>> the PGP authentication. Take the card out of the reader and no
>>>> subsequent authentication can be done.
>>>>
>>>> I've evaluated this method and it does work but requires some amount
>>>> of effort to set up. As far as I know there is only one supplier[1].
>>>> I also don't expect it to work on non-Linux platforms. But, besides
>>>> all these negatives, it is a nice solution that also gives the user
>>>> the usual benefits of PGP.
>>>>
>>>>
>>>> -Brett.
>>>>
>>>> [1] http://www.g10code.com/p-card.html
>
>>
- --
Robert E. Blair, Room E277, Building 362
Argonne National Laboratory (High Energy Physics Division)
9700 South Cass Avenue, Argonne, IL 60439, USA
Phone: (630)-252-7545 FAX: (630)-252-5782
GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFI5QK3OMIGC6x7/XQRAnsCAJ91O/dfMuVMWjQ1vCbHpnYvsY8QrgCgq24a
T2/t7oX21TlI+RJ7sX5NvzA=
=crXd
-----END PGP SIGNATURE-----
|
|
|
