Ubuntu server remote file access

Colin Law clanlaw at googlemail.com
Mon Sep 30 20:02:51 UTC 2013


On 30 September 2013 17:36, Kent Borg <kentborg at borg.org> wrote:
> On 09/30/2013 12:06 PM, Colin Law wrote:
>>
>> On 30 September 2013 16:55, Kent Borg <kentborg at borg.org> wrote:
>>>
>>> On 09/29/2013 10:48 AM, Hal Burgiss wrote:
>>>
>>> On Sat, Sep 28, 2013 at 2:17 PM, Kent Borg <kentborg at borg.org> wrote:
>>>>
>>>>
>>>> Yes, private keys are encrypted--if you encrypt them.  So if someone has
>>>> your private key, they still need to break any encryption.
>>>
>>>
>>> Huh?
>>>
>>>
>>> You sound confused.  What part don't you get?
>>
>> If someone has your private key then they have your private key.
>> There is no encryption that they need to break.
>
>
> If someone gets a copy of the file containing your private key, they still
> have to break the encryption on that file.  When you ran "ssh-keygen" it
> asked you for a passphrase, and it used that to encrypt that file and
> protect your private key.  If they brute force that passphrase *then* they
> have your private key.
>
> Unless you didn't put on a passphrase.  It seems everyone just leaves that
> part blank, twice.

The PC is at my home so normally no-one with evil intent has physical
access to it.  If my PC is stolen then it will be by someone who wants
to sell it, not in order to gain access to my servers.  Therefore
there is no benefit for me in adding a passphrase.  For others the
situation is different of course.

>
> I thought someone said ssh keys are more secure.  Sounds to me like the
> motivation is they are more convenient.  Some sweeping statement about
> greater security is to make you feel good.

My understanding is that from the point of view of a hacker probing
random IP addresses and trying to break in, the keys are more secure.
For most I believe that is the key point.

Colin

>
> You might think I am against using ssh keys, but that is not true. I do use
> an unencrypted ssh key, but only for a github account with nothing terribly
> sensitive on it.  I don't pretend that this is magically secure.  Any
> software running under my user ID can read that file and do what it wants
> with it.  I judge that is reasonable, in this case.
>
>
> If you want sweeping statements, I stand by this: Choose good passwords with
> components chosen by something that is actually random.  And keep those
> passwords secret (so not reused between sites).
>
>
>
> -kb
>
>
