This is the mail archive of the mailing list for the Cygwin project.


Re: Keygen for ssh (Was RE: Question about "rexec")

> Just for future reference a nice quick way to do all this is to use the
> script (comes with the open ssh package)
> so just
> ssh-user-config -y
> (press enter for blank passphrase a few times)

Good idea.  A lot simpler.

> cd ~/.ssh
> sftp user@remotehost
> cd .ssh
> mput *

Bad idea.  Never copy both the private and public keys together.  In most
cases, you should be copying the public key.  However, there are rare cases
when you want to copy a private key instead.

Also, just because someone wants to be able to connect from machine A to
machine B without a passphrase does not mean the reverse is true.  For
example, when I log in to or I don't use
a passphrase.  However, I don't want anyone on those machines, including the
system administrators, to be able to connect back to my home computer.  I
know a system administrator on a company intranet who was fired for
copying and using confidential information.

Since a system administrator could replace 'ssh' or 'ssh-keygen' with a
version that logged my password, that means I need to take extra
precautions.  The most secure thing to do is to never allow a connection
from an untrusted machine to a trusted machine.  However, if you do need to
do so, generate a key pair in advance on the trusted machine that requires a
passphrase.  Install the private key on the public machine and the public
key in the authorized_keys file of the trusted machine.   Only use the key
pair once, before removing the public key from the authorized_keys file and
generating a new pair.
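
The one-time key procedure described in the message above, as an added example that is not part of the original post: helpers for the trusted machine's authorized_keys file that accept only a public key and remove it again after its single use. The function names `install_pubkey` and `revoke_pubkey`, the file names, and the `ssh-keygen` invocation in the comment are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper names), run on the TRUSTED machine.
# Assumed key generation, with a passphrase typed at the prompt:
#   ssh-keygen -t ed25519 -f ./onetime_key -C onetime
# Only ./onetime_key (private) goes to the untrusted machine; only
# ./onetime_key.pub is ever written into authorized_keys here.

# install_pubkey PUBFILE AUTHKEYS: append one public key, nothing else.
install_pubkey() {
    pub=$1; auth=$2
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # A private key must never end up next to authorized_keys.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub is a private key" >&2
        return 2
    fi
    # A public key file is exactly one line starting with a key type.
    [ "$(grep -c . "$pub")" -eq 1 ] || return 3
    case $(awk 'NR==1 {print $1}' "$pub") in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*|sk-*) ;;
        *) echo "refusing: $pub is not a public key" >&2; return 3 ;;
    esac
    touch "$auth" && chmod 600 "$auth"
    # Idempotent: do not add the same line twice.
    grep -qxF -- "$(cat "$pub")" "$auth" || cat "$pub" >> "$auth"
}

# revoke_pubkey PUBFILE AUTHKEYS: drop every entry carrying this key blob,
# even if options were later prefixed to the line. Other keys are kept.
revoke_pubkey() {
    pub=$1; auth=$2
    blob=$(awk 'NR==1 {print $2}' "$pub")
    [ -n "$blob" ] || return 1
    tmp="$auth.tmp.$$"
    awk -v b="$blob" 'index($0, b) == 0' "$auth" > "$tmp" || return 1
    # Rewrite in place so the file keeps its owner and 600 mode.
    cat "$tmp" > "$auth" && rm -f "$tmp"
}

# key_installed PUBFILE AUTHKEYS: exit status 0 if the key is still accepted.
key_installed() {
    blob=$(awk 'NR==1 {print $2}' "$1")
    [ -n "$blob" ] && grep -qF -- "$blob" "$2"
}
```

Call `install_pubkey` before the single session from the untrusted machine and `revoke_pubkey` as soon as it ends; `key_installed` confirms the entry is gone.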

