Better security
Authored by: r0adrage on Dec 08, '01 04:20:51AM

Ironically, by using keychain you are still susceptible to anyone with access to your file system. Any user who would be able to compromise your ssh identity files would also be able to compromise your .ssh-agent file that keychain creates, thus being able to ssh as you using your instance of ssh-agent by simply "source ~you/.ssh-agent" in their shell.

Permissions for ssh keys are, by default, only readable by the owner, so anyone who can read your ssh key would also be able to read your .ssh-agent file.

I'm still looking for a way to get ssh-agent to start up as the parent of my OSX login session.



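A defensive check for the exposure described in the comment above, added here as an example and not part of the original thread: it reads the socket path out of the agent env file without sourcing it, then flags the file, the socket and the socket's directory if group or other has any access. It assumes the file holds `ssh-agent -s` style output; the function names `loose`, `agent_sock` and `audit_agent` are hypothetical.

```shell
#!/bin/sh
# Added example: audit who besides the owner can reach a running ssh-agent.
# Assumption: the env file holds `ssh-agent -s` style output, e.g.
#   SSH_AUTH_SOCK=/tmp/ssh-XXXX/agent.123; export SSH_AUTH_SOCK;

# loose PATH: true if PATH exists and group or other has any permission bit.
loose() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ -n "$perms" ] && [ "$perms" != "------" ]
}

# agent_sock FILE: print the socket path recorded in FILE, without sourcing it.
agent_sock() {
    sed -n 's/^SSH_AUTH_SOCK=\([^;]*\);.*/\1/p' "$1" 2>/dev/null | head -n 1
}

# audit_agent FILE: check the env file, the socket and the socket's directory.
# Prints one line per finding; returns 1 if there was any, 0 otherwise.
audit_agent() {
    sock=$(agent_sock "$1")
    if [ -n "$sock" ]; then
        set -- "$1" "$sock" "$(dirname "$sock")"
    fi
    rc=0
    for p in "$@"; do
        if loose "$p"; then
            echo "LOOSE: $(ls -ld "$p")"
            rc=1
        fi
    done
    return "$rc"
}

# Run against a file given on the command line, e.g. ~/.ssh-agent
if [ "$#" -gt 0 ]; then
    audit_agent "$1"
fi
```

The check covers only those three paths; permissions on parent directories such as the home directory are not examined.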
Re: Better security
Authored by: Anonymous on Dec 08, '01 09:30:05AM

You are right that the security with Keychain/ssh-agent is not foolproof, but I think it's a magnitude better than using no password at all for your SSH-key.

If you use a key with no password and someone breaks in to your computer they can take your SSH-key and use it as they like from any computer. Breaking in could be as trivial as walking up to your computer when you are away for a minute and copying the key.

With a good password on the SSH-key you raise the threshold *considerably*. Keychain/ssh-agent make it possible to have a password without having to type it all the time.



re: Better security
Authored by: lone mac on Mar 01, '02 11:57:41PM

> I'm still looking for a way to get ssh-agent to start up as the parent of my OSX login session.

Actually, Kevin Van Vechten wrote a tool that does exactly what you ask for: SSHAgentServices for Mac OS X. I just discovered it recently and have been very pleased with it.
