Ubuntu server remote file access
Paul Smith
paul at mad-scientist.net
Mon Sep 30 17:22:24 UTC 2013
On Mon, 2013-09-30 at 12:48 -0400, Hal Burgiss wrote:
> On Mon, Sep 30, 2013 at 12:14 PM, Paul Smith <paul at mad-scientist.net> wrote:
> On Mon, 2013-09-30 at 17:06 +0100, Colin Law wrote:
> > On 30 September 2013 16:55, Kent Borg <kentborg at borg.org> wrote:
> > > On 09/29/2013 10:48 AM, Hal Burgiss wrote:
> > > On Sat, Sep 28, 2013 at 2:17 PM, Kent Borg <kentborg at borg.org> wrote:
> > >> Yes, private keys are encrypted--if you encrypt them. So if someone has
> > >> your private key, they still need to break any encryption.
> > >
> > > Huh?
> > >
> > > You sound confused. What part don't you get?
> >
> > If someone has your private key then they have your private key.
> > There is no encryption that they need to break.
> I'm sure that Kent is assuming that you've added a passphrase to your
> private key; anyone who cares about the security of their private key
> will certainly do this.
>
> If the key has a passphrase then just having the key file won't help,
> you also must have, or be able to guess, the passphrase.
> That's a passphrase, unrelated to "encryption". All ssh keys (public
> and private) are *encrypted* when they are created using dsa, rsa,
> and probably other options as well. The man page seems to make this
> perfectly clear. If for some reason, you add any additional encryption
> (which is how I am understanding Kent's comment), then they would not
> be usable as-is by sshd.
I don't understand the distinction you're trying to make here, and I
don't think I agree with your terminology.
A (passphrase-less) private key is not "encrypted". A private key is,
basically, a mathematical value which can be fed into a deterministic
algorithm. It is used to perform encryption and decryption, but it,
itself, is not encrypted. It can be considered to be "encoded", since
the binary value is translated into a long string of hex digits for
convenient storage and distribution, but it's not encrypted since it can
be used directly without needing to be combined with any other
information.
A private key file with a passphrase is encrypted: getting a copy of the
key file alone won't let you use it. The contents of the file must be
processed with the passphrase as input in order to change it back into a
usable file. Just like any other encrypted file.
> And passphrases completely break unattended processes that some of us
> need to do (ie for system to system backups, etc).
Of course there are many uses for passphrase-less keys. They provide a
convenience of unattended remote access, with at least some amount of
security. They're equivalent, authentication-wise, to writing a script
containing the password needed to log in remotely, only ssh/scp are far
more convenient than telnet/ftp (and they encrypt traffic, but that's
not an authentication feature).
However one should not imagine that those are any more secure than your
local disk. I create different keys for this kind of access and I'd
NEVER use those for any other purpose. All the keys I use for
interactive access to other servers always have a strong passphrase.
> In fact, sshd creates system passphraseless public/private key pairs
> during installation in /etc/ssh. These are courtesy of Ubuntu and ssh
> maintainers.
Those are host keys. They have a completely different purpose: they're
there to avoid man-in-the-middle attacks (to prove that the server
you're talking to is the one that you think it is). Only the SSH daemon
needs to read those private keys so they're owned by, and readable only
by, root on the server. If an attacker can read those key files then
they already have root access to the server and you've already lost.
You should never use host keys as normal public/private keys for user
accounts, not even root.
Cheers!
More information about the ubuntu-users
mailing list