INTL 3:770/1 3:770/3
REPLYADDR cl@isbd.net
REPLYTO 3:770/3.0 UUCP
MSGID: 5e785908
REPLY: 8a6650b2
PID: SoupGate-Win32 v1.05
Theo wrote:
> Chris Green wrote:
> > Theo wrote:
> > > Chris Green wrote:
> > > If the keylogger is on your machine, it can get the passphrase but it
> > > doesn't get the private key unless it is specifically designed for
attacking
> > > ssh and can read your private keys. eg you might see the following in
the
> > > keylog:
> > >
> > > ssh chris@server.bigcorp.com
> > > abr@cad4bra
> > > ls
> > >
> > > and it's clear that abr@cad4bra is your password. If that was your
> > > passphrase it wouldn't help attack anyone.
> > >
> > Not true, you're advocating separate keys for each remote and not
> > keeping thenm in an agent so login isn't 'passwordless' or automatic.
>
> I wasn't advocating that. The agent's purpose is so you only have to type
> the passphrase once per session - if that makes keys easier to use and maybe
> helps you have a stronger passphrase (since you don't need to type it so
> often), then why not?
>
This is where we came in! :-)
If you use agent then, once the passphrase has been entered, anyone
can walk up and log in to that remote system without know the passphrase.
--
Chris Green
Ā·
--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
SEEN-BY: 10/0 1 15/0 90/1 103/705 105/81 106/201 128/260 129/305 135/225
SEEN-BY: 153/757 7715 218/0 1 601 700 840 870 930 220/70 221/1 6 226/17
SEEN-BY: 226/30 100 227/114 229/110 112 113 200 206 307 317 400 426
SEEN-BY: 229/428 470 550 616 664 700 240/1120 266/512 267/800 282/1038
SEEN-BY: 291/111 292/854 301/1 113 812 310/31 320/219 322/757 335/364
SEEN-BY: 341/66 342/200 396/45 460/58 633/280 712/848 770/1 3 100
SEEN-BY: 770/330 340 772/210 220 230 5020/400 1042 5058/104 5075/35
PATH: 770/3 1 218/840 221/6 301/1 218/700 229/426
|
