Date: Tue, 5 Mar 2002 12:06:10 +0000
From: Bruce M Simpson
To: Rasputin
Cc: freebsd-security@freebsd.org
Subject: Re: SSH
Message-ID: <20020305120610.B494@spc.org>
References: <20020212021144.AB98D9EE47@okeeffe.bestweb.net>
In-Reply-To: <20020212021144.AB98D9EE47@okeeffe.bestweb.net>; from rasputin@submonkey.net on Tue, Feb 05, 2002 at 02:26:58PM +0000

On Tue, Feb 05, 2002 at 02:26:58PM +0000, Rasputin wrote:
> * Michael Vince [020205 08:05]:
> > I just wanted to know how dangerous are ssh keys with no password phrases?
> You need to keep them safe, since any old monkey can use them to get into
> boxes as you ( although you can restrict that slightly - see the AUTHORIZED_KEYS
> part in sshd(8) )

Generally I keep my SSH keys and personal X.509 certs on a floppy which is
carried on my person at all times, although I am shortly going to be
converting to either Memory Stick or CompactFlash now that readers (and
media) are so easily available.

Passwords are important - always keep physical control over your keys.
Keeping them encrypted with IDEA is an important time buying measure if you
do lose them, unless the password is also compromised (careless!), in which
case you lose all security.

I find it helpful to use multiple SSH keys for different domains of trust -
i.e. never mix business with pleasure.

BMS
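
The authorized_keys restrictions mentioned in the quoted reply can be checked mechanically. The following is an added example, not part of the original thread: it parses the options field of each entry and reports keys that carry no `from=` or `command=` limit. The function names, the sample entries and the placeholder key material are all constructed for illustration.

```python
import re
# Key-type prefixes that mark an entry with no leading options field.
KEYTYPE = re.compile(r"^(ssh-|ecdsa-sha2-|sk-)")
# Options from sshd(8) that narrow what a copied key can be used for.
LIMITS = {"from": "accepted from any source host", "command": "may run any command"}

def split_options(line):
    """Split one entry into ({option: value}, 'keytype key comment')."""
    if KEYTYPE.match(line):
        return {}, line
    opts, buf, quoted, i = [], "", False, 0
    while i < len(line):
        c = line[i]
        if quoted and line[i:i + 2] == '\\"':
            buf, i = buf + '"', i + 2   # escaped quote inside a quoted value
            continue
        if c == '"':
            quoted = not quoted
        elif c == "," and not quoted:
            opts, buf = opts + [buf], ""
        elif c in " \t" and not quoted:
            break                       # first unquoted blank ends the options
        else:
            buf += c
        i += 1
    opts.append(buf)
    parsed = {n.lower(): v for n, _, v in (o.partition("=") for o in opts)}
    return parsed, line[i:].strip()

def audit(text):
    """Return (line number, comment, missing limits) for each weak entry."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts, rest = split_options(line)
        fields = rest.split(None, 2)
        label = fields[2] if len(fields) > 2 else "(no comment)"
        missing = [why for opt, why in LIMITS.items() if opt not in opts]
        if missing:
            findings.append((n, label, missing))
    return findings

# Constructed sample; the key material is a placeholder, not a real key.
SAMPLE = '''ssh-rsa AAAAPLACEHOLDER alice@laptop
from="10.0.0.*",command="/usr/local/bin/backup --mode=full, \\"nightly\\"" ssh-rsa AAAAPLACEHOLDER backup@cron
no-port-forwarding,no-pty ssh-ed25519 AAAAPLACEHOLDER bob@work'''

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Entries for passphrase-less keys used by automated jobs are the ones where a missing `from=` or `command=` matters most, since possession of the key file alone is enough to log in.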