Re: Re: ssh /gnupg passwords storage
------------------------
Vineet Kumar <debian-user@virtual.doorstop.net> wrote:
------------------------
>* Benedict Verheyen (linux4bene@pandora.be) [020806 08:21]:
>> Hi,
>>
>> I have a question on security with regards to key pairs.
>>
>> I have created a keypair on my server so I can log on to my server from
>> my pc. Do I leave the keypair in ~/.ssh or do I move them (especially
>> the private key)? What is regarded as being a safe medium? CD-RW or
>> anything not connected to the server I guess?
>
>As someone else indicated: the private key should only be on your
>local machine. The server to which you are connecting only gets the
>public key. The public key is listed in ~/.ssh/authorized_keys . That
>is all that is needed on the server. See below for discussion of non-HD
>storage of the key.
>
>> Same question could go for gnupg. I've only tested this with WinPT on
>> my win machine at work. I suppose that once the keypair is generated,
>> it would be safer to move the private key to another medium or do you
>> leave the pair on the win 'puter?
>
>Well, if you don't need it there, why did you generate it? ;-) If it's
>convenient for you to pop in a CD every time you need to decrypt or sign
>something (or log in anywhere, if we're talking about an SSH key), *and*
>that that CD won't just be in the drive when someone roots your box
>and/or the feds come and take it away, then yeah, I guess it's better.
>If you just leave that CD in the drive anyway, you don't gain a whole
>lot.
>
>> I suppose encrypting the ssh key pair on the disk/cd where I would
>> keep them would be overkill :-) ?
>
>Yeah, I'd say so. Just use Good passphrases on your private keys.
>Multiple encryptions add obscurity, but not necessarily security.
>
>good times,
>Vineet
>--
>http://www.doorstop.net/
>--
>Satan laughs when we kill each other. Peace is the only way.
Thanks for the info guys.
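
Added example, not part of the original thread: a Python sketch that checks the two points made in the reply above, that the server's ~/.ssh needs no private key and that a private key should carry a passphrase. It goes beyond the thread by also reading the newer OpenSSH key format; the file names and key blobs in demo() are constructed samples with no real key material.

```python
import base64
import struct
import tempfile
from pathlib import Path

MAGIC = b"openssh-key-v1\0"  # header of the current OpenSSH private key format

def private_key_status(text):
    """Return 'encrypted' or 'plaintext' for a private key file, else None."""
    lines = text.strip().splitlines()
    head = lines[0].strip() if lines else ""
    if not (head.startswith("-----BEGIN ") and head.endswith("PRIVATE KEY-----")):
        return None  # public key, authorized_keys, config, ...
    # PKCS#8 marks encryption in the label, legacy PEM in a Proc-Type header.
    if "ENCRYPTED" in head or any(l.startswith("Proc-Type: 4,ENCRYPTED") for l in lines):
        return "encrypted"
    if "OPENSSH" in head:
        try:
            blob = base64.b64decode("".join(lines[1:-1]))
            (n,) = struct.unpack(">I", blob[len(MAGIC):len(MAGIC) + 4])
        except (ValueError, struct.error):
            return None
        if not blob.startswith(MAGIC):
            return None
        # First field after the magic is the cipher name; "none" = no passphrase.
        cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
        return "plaintext" if cipher == b"none" else "encrypted"
    return "plaintext"  # legacy PEM without a Proc-Type header

def audit(ssh_dir):
    """Map each private key file found in ssh_dir to its status."""
    found = {}
    for p in sorted(Path(ssh_dir).iterdir()):
        status = private_key_status(p.read_text(errors="replace")) if p.is_file() else None
        if status:
            found[p.name] = status
    return found

def demo():
    """Constructed samples: real headers only, filler instead of key material."""
    def openssh(cipher):
        blob = MAGIC + struct.pack(">I", len(cipher)) + cipher + b"\0" * 16
        return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(blob).decode()
                + "\n-----END OPENSSH PRIVATE KEY-----\n")
    legacy = "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n\nAAAA\n-----END RSA PRIVATE KEY-----\n"
    files = {"id_ed25519": openssh(b"aes256-ctr"), "id_nopass": openssh(b"none"),
             "id_rsa": legacy, "authorized_keys": "ssh-ed25519 AAAAconstructed user@pc\n"}
    with tempfile.TemporaryDirectory() as d:
        for name, text in files.items():
            Path(d, name).write_text(text)
        return audit(d)
```

On the server, any entry returned by audit() is a key that does not need to be there; on the local machine, only the "plaintext" entries call for action.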