Ubuntu server remote file access
Paul Smith
paul at mad-scientist.net
Mon Sep 30 20:58:11 UTC 2013

On Mon, 2013-09-30 at 21:02 +0100, Colin Law wrote:
> > If someone gets a copy of the file containing your private key, they still
> > have to break the encryption on that file. When you ran "ssh-keygen" it
> > asked you for a passphrase, and it used that to encrypt that file and
> > protect your private key. If they brute force that passphrase *then* they
> > have your private key.
> >
> > Unless you didn't put on a passphrase. It seems everyone just leaves that
> > part blank, twice.
>
> The PC is at my home so normally no-one with evil intent has physical
> access to it. If my PC is stolen then it will be by someone who wants
> to sell it, not in order to gain access to my servers. Therefore
> there is no benefit for me in adding a passphrase. For others the
> situation is different of course.

It is an individual choice, that's true. With the advent of the SSH
agent facility, though, IMO it's hard to justify not using a passphrase
(unless you need unattended login as discussed before).

With the agent, the first time you use your key (regardless of how it
happens: ssh, scp, GUI, whatever) a dialog box will pop up on your local
system, where you type in your passphrase. It's remembered until you
log out from or reboot your local system so you don't need to continue
to enter the passphrase.

In any event, if you have complete responsibility for the systems on
both ends (client and server), then what you do is up to you. However,
in my case I'm usually logging into _other people's_ servers, and they
are trusting me to do that in a safe and secure way. I feel a
responsibility to ensure I do whatever I can within reason to reduce
_their_ risk.

Adding a passphrase is very little trouble for a good bit of extra
security.

Cheers!