Ubuntu server remote file access

Hal Burgiss hal at burgiss.net
Mon Sep 30 16:48:42 UTC 2013


On Mon, Sep 30, 2013 at 12:14 PM, Paul Smith <paul at mad-scientist.net> wrote:

> On Mon, 2013-09-30 at 17:06 +0100, Colin Law wrote:
> > On 30 September 2013 16:55, Kent Borg <kentborg at borg.org> wrote:
> > > On 09/29/2013 10:48 AM, Hal Burgiss wrote:
> > > On Sat, Sep 28, 2013 at 2:17 PM, Kent Borg <kentborg at borg.org> wrote:
> > >> Yes, private keys are encrypted--if you encrypt them.  So if someone has
> > >> your private key, they still need to break any encryption.
> > >
> > > Huh?
> > >
> > > You sound confused.  What part don't you get?
> >
> > If someone has your private key then they have your private key.
> > There is no encryption that they need to break.
>
> I'm sure that Kent is assuming that you've added a passphrase to your
> private key; anyone who cares about the security of their private key
> will certainly do this.
>
> If the key has a passphrase then just having the key file won't help,
> you also must have, or be able to guess, the passphrase.
>
>
That's a passphrase, unrelated to "encryption". All ssh keys (public and
private) are *encrypted*  when they are created using dsa, rsa, and
probably other options as well. The man page seems to make this perfectly
clear. If for some reason, you add any additional encryption (which is how
I am understanding Kent's comment), then they would not be usable as-is by
sshd.

And passphrases completely break unattended processes that some of us need
to do (i.e. for system-to-system backups, etc.).  In fact, sshd creates
system passphraseless public/private key pairs during installation in
/etc/ssh. These are courtesy of Ubuntu and ssh maintainers.


-- 
Hal
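
The thread turns on what a passphrase does to a private key file on disk. The following is an added example, not part of the original message: it reads a key file's text and reports whether the stored key material is encrypted, covering the legacy PEM headers and also the later openssh-key-v1 container. The names `key_protection`, `ssh_string` and `sample_openssh` and all sample strings are constructed for illustration.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"

def ssh_string(buf, off):
    """Read one SSH wire string (uint32 big-endian length + bytes)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n].decode("ascii"), off + 4 + n

def key_protection(text):
    """Return (container, cipher); cipher is None if the key is stored in the clear."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    head = lines[0] if lines else ""
    if not (head.startswith("-----BEGIN ") and head.endswith("PRIVATE KEY-----")):
        raise ValueError("not a PEM-armoured private key")
    label = head[11:-5]
    body = [ln for ln in lines[1:] if not ln.startswith("-----")]
    if label == "OPENSSH PRIVATE KEY":
        blob = base64.b64decode("".join(body))
        if not blob.startswith(MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        cipher, off = ssh_string(blob, len(MAGIC))    # e.g. "none", "aes256-ctr"
        kdf, _ = ssh_string(blob, off)                # e.g. "none", "bcrypt"
        return "openssh-key-v1", None if cipher == "none" else f"{cipher}/{kdf}"
    if label == "ENCRYPTED PRIVATE KEY":              # PKCS#8 encrypted container
        return "pkcs8", "pkcs8-encrypted"
    # Legacy PEM (RSA/DSA/EC): RFC 1421 headers declare the encryption.
    hdr = dict(ln.split(":", 1) for ln in body if ":" in ln)
    if hdr.get("Proc-Type", "").strip() == "4,ENCRYPTED":
        return "pem", hdr.get("DEK-Info", "").split(",")[0].strip() or "unknown"
    return "pem", None

def sample_openssh(cipher, kdf):
    """Constructed header-only blob (no key material) for demonstration."""
    s = lambda v: struct.pack(">I", len(v)) + v
    b64 = base64.b64encode(MAGIC + s(cipher) + s(kdf) + s(b"")).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed samples: bodies are placeholders, not real keys.
LEGACY_ENCRYPTED = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                    "DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\n"
                    "QUJDRA==\n-----END RSA PRIVATE KEY-----\n")
LEGACY_PLAIN = "-----BEGIN RSA PRIVATE KEY-----\nQUJDRA==\n-----END RSA PRIVATE KEY-----\n"

if __name__ == "__main__":
    for t in (LEGACY_ENCRYPTED, LEGACY_PLAIN, sample_openssh(b"aes256-ctr", b"bcrypt")):
        print(key_protection(t))
```

Run against the files under `~/.ssh` or `/etc/ssh`, a `None` cipher marks a key that anyone who can read the file can use directly.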