Security Basics mailing list archives
Re: SSH Passphrase
From: Johan De Meersman <jdm () operamail com>
Date: Thu, 06 Mar 2003 13:11:14 +0100
An SSH-passphrase doesn't relate to the security of the connection, it only prohibits a stranger from accessing your key (and thus initiating a connection). The SSH connection security is based on your and the server's public and private keys, which are created using a (to me at least) pretty complex piece of mathematics involving huge prime numbers. Thus, with or without passphrase, the connection itself will always be secure.
The ssh-agent does indeed request the passphrase at the beginning of the session, but nothing prevents you from setting up a session at any given time, and a session can last from boot till shutdown without having to re-enter the passphrase. If you start ssh-agent without a command line you'll get a number of variables printed. If you set these in any script that requires ssh-authentication, it'll know to authenticate to that instance of the agent. See man ssh, man ssh-agent and man ssh-add for more details on this.
Stefan Lesicnik wrote:
Hi, I'm fairly new to private and public key encryption, so don't quite understand all the concepts. I have the need to scp a file to a remote server without specifying the password as it is done from a non-interactive script. I have accomplished this by generating a dsa key without a passphrase. Although this works I am worried about the security concerns of doing this? (Without a passphrase, how does it authenticate? Based on the machine's dsa key which was made from machine specific entropy?) I know of programs such as ssh-agent, but these require you to enter a passphrase at the beginning of the session which it then remembers, this isn't possible as it is non-interactive in my case. Does anyone have any ideas or comments? TIA Stefan Lesicnik
-- Public GPG key at blackhole.pca.dfn.de .
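The agent-sharing setup described in the reply above, as an added example that is not part of the original message: the variables printed by `ssh-agent` are saved once and later loaded by a non-interactive script. The file path, function names, host and sample agent output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. AGENT_ENV and all function names are hypothetical.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"

# Constructed sample of what `ssh-agent -s` prints (not from a real host).
SAMPLE_OUTPUT='SSH_AUTH_SOCK=/tmp/ssh-XXabc123/agent.4711; export SSH_AUTH_SOCK;
SSH_AGENT_PID=4712; export SSH_AGENT_PID;
echo Agent pid 4712;'

# Keep only the two expected assignments from agent output on stdin,
# so a tampered file cannot smuggle shell commands into the script.
parse_agent_env() {
    sed -n \
        -e 's/^\(SSH_AUTH_SOCK=[A-Za-z0-9_./-]*\);.*$/\1/p' \
        -e 's/^\(SSH_AGENT_PID=[0-9][0-9]*\);.*$/\1/p'
}

# Non-interactive side: read the saved values and export them.
load_agent() {
    [ -r "$1" ] || return 1
    SSH_AUTH_SOCK=$(sed -n 's/^SSH_AUTH_SOCK=//p' "$1")
    SSH_AGENT_PID=$(sed -n 's/^SSH_AGENT_PID=//p' "$1")
    [ -n "$SSH_AUTH_SOCK" ] || return 1
    export SSH_AUTH_SOCK SSH_AGENT_PID
}

# Interactive side, run once (e.g. after boot): start the agent, store
# its variables readable by the owner only, then add the key.
start_agent() {
    umask 077
    ssh-agent -s | parse_agent_env > "$AGENT_ENV" || return 1
    load_agent "$AGENT_ENV" && ssh-add   # asks for the passphrase once
}

# ssh-add -l exits 0 = keys loaded, 1 = agent empty, 2 = agent unreachable.
agent_status() {
    ssh-add -l >/dev/null 2>&1
}

# In the cron or batch script (host and paths are placeholders):
#   load_agent "$AGENT_ENV" && agent_status || { echo "no agent" >&2; exit 1; }
#   scp -o BatchMode=yes /path/to/file user@remote.example:/dest/
```

`BatchMode=yes` makes `scp` fail instead of waiting for a prompt when the agent has gone away, so the script reports the problem rather than hanging.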