Ubuntu server remote file access

Kent Borg kentborg at borg.org
Mon Sep 30 16:36:51 UTC 2013


On 09/30/2013 12:06 PM, Colin Law wrote:
> On 30 September 2013 16:55, Kent Borg <kentborg at borg.org> wrote:
>> On 09/29/2013 10:48 AM, Hal Burgiss wrote:
>>
>> On Sat, Sep 28, 2013 at 2:17 PM, Kent Borg <kentborg at borg.org> wrote:
>>>
>>> Yes, private keys are encrypted--if you encrypt them.  So if someone has
>>> your private key, they still need to break any encryption.
>>
>> Huh?
>>
>>
>> You sound confused.  What part don't you get?
> If someone has your private key then they have your private key.
> There is no encryption that they need to break.

If someone gets a copy of the file containing your private key, they 
still have to break the encryption on that file.  When you ran 
"ssh-keygen" it asked you for a passphrase, and it used that to encrypt 
that file and protect your private key.  If they brute force that 
passphrase *then* they have your private key.

Unless you didn't put on a passphrase.  It seems everyone just leaves 
that part blank, twice.

I thought someone said ssh keys are more secure.  Sounds to me like the 
motivation is they are more convenient.  Some sweeping statement about 
greater security is to make you feel good.

You might think I am against using ssh keys, but that is not true. I do 
use an unencrypted ssh key, but only for a GitHub account with nothing 
terribly sensitive on it.  I don't pretend that this is magically 
secure.  Any software running under my user ID can read that file and do 
what it wants with it.  I judge that is reasonable, in this case.


If you want sweeping statements, I stand by this: Choose good passwords 
with components chosen by something that is actually random.  And keep 
those passwords secret (so not reused between sites).


-kb




