On Fri, Mar 22, 2013 at 10:20 AM, James Knott <james.knott@rogers.com> wrote:
Greg Freemyer wrote:
I don't know as much about this as I should, but ...
Doesn't ssh store your private key in plaintext under ~/.ssh?
That is, using keys is only more secure than a password if the keys are maintained securely. Ssh does not do that (does it?). I don't know about tools like putty etc.
No, it is not stored in plain text. There are two parts to the key. One is the private part, id_rsa, that is stored in your .ssh directory and the other, public part is stored on any server you wish to access in a file called authorized_keys. Both keys are long strings of what appear to be random characters, but they are generated by ssh-keygen to be mathematically related. Only the private part can be used to unlock the public.
Here is the public part of one of the keys I use. The private part is much longer.
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCl0D+JWAKcaue2s1eO0ZHHbLH6l33VrhzqW03cJ/Gg6idtO5Xn94MOv0DnIYuoXJUJA6apqxHRn9U e8rJgjIcFUcGRHGSEndXnXVMapYtWiHfXOfqixQ9YAZTPMdoi1MQEbI+UsgMzDZJhEtrMEgI+GKDxqWdTgZw3OmR1jzVixcKX+LAd6nip2XSMhB2QCW dLNGpIL/iHLX2ZnyILRJpd/zv5WNglYJqMEnaukGHwzwSRH33ytrf0ustyygE6OMYj5+0r0qc8LFaxa119l5FiJMN8KBzzb8AjZKNqWOIeiAGg7xd0O hEIVpS6lut6sqVuJ0adG5mkYBBPDGzrlpbT//6mJ2GauLZKxjrHn9Nc8+d0oLQDkPznjxPkxMSZ+NAVxNcAkWMc86Y7gPv3DyVYB0Ib89v3HxQYi+bY mC9aS22w8bp3O+397B90flnoPRaRQoKJqZb7BVt3PZW/5pCzoFM9znXrZAMt5TEZZQ4gWxZjF3AE8B6ukCfS9OxrdMO9ggC86Jc083aXQg8QfJRGe8z jjvJZ2jcYd/Z5g7w9gjBDJENNWwjjpwbltSZgXbAOEUtgsYfCMshMpWRlEzVH4dMCqS2numPPtbHtjLVuvPZjvWldirhgx1L9PsKXfX26OvRDayA6NO 9IP6tlB6F9e4uuYJNq+LtEda3w==
After the == is the user & host name of the computer the public part came from.
Here's some info on the subject:
James,

You said something about using a key so you don't have to know passwords? I took that to mean you were using a private key without a passphrase.

In that specific scenario, if I somehow hack your computer and steal the contents of your private key file, can't I take it to another computer and use the key to log into the various accounts you have set up to use that key?

FYI: For the purpose of my question, that wiki article is just about useless. This info from the wiki page in particular needs clarification:

"The private key was saved in .ssh/id_rsa file which is the read-only file. No one else must see the content of that file, as it is used to decrypt all correspondence encrypted with the public key."

That is, with no passphrase used during key generation, is there any security at all once an unauthorized user grabs that file?

What is the situation with a passphrase? Assuming the file is encrypted if a passphrase is provided, how well is it encrypted?

Greg
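The question that closes the message above, whether a copied private key file is usable as-is, can be answered from the file itself. The following is an added example, not part of the thread: it reports whether a private key file is passphrase-protected, covering the legacy PEM layout (encrypted files carry `Proc-Type: 4,ENCRYPTED` and `DEK-Info` headers) and the `openssh-key-v1` container (which names its cipher). The function names and sample inputs are constructed for illustration, and the samples contain no key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # magic at the start of OpenSSH's own key container

def _read_string(buf, off):
    """Read one SSH 'string' (uint32 big-endian length, then that many bytes)."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def key_protection(text):
    """Return (container, cipher); cipher 'none' means a copied file is usable as-is."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 3 or not (lines[0].startswith("-----BEGIN ") and "PRIVATE KEY" in lines[0]):
        raise ValueError("not a PEM-armoured private key")
    body = lines[1:-1]
    if "OPENSSH PRIVATE KEY" in lines[0]:
        blob = base64.b64decode("".join(body))
        if not blob.startswith(MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        cipher, _ = _read_string(blob, len(MAGIC))  # first field is the cipher name
        return "openssh-key-v1", cipher.decode("ascii")
    if "ENCRYPTED PRIVATE KEY" in lines[0]:
        return "pkcs8", "encrypted"
    # Legacy PEM: when encrypted, header lines precede the base64 body.
    headers = dict(l.split(":", 1) for l in body if ":" in l)
    if headers.get("Proc-Type", "").strip() == "4,ENCRYPTED":
        return "pem", headers.get("DEK-Info", "unknown").split(",")[0].strip()
    return "pem", "none"

def sample_openssh(cipher, kdf):
    """Constructed header-only blob (no key material) in openssh-key-v1 layout."""
    fields = b"".join(struct.pack(">I", len(f)) + f for f in (cipher, kdf, b""))
    b64 = base64.b64encode(MAGIC + fields).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed legacy-PEM samples; the bodies are placeholders, not real keys.
SAMPLE_PEM_PLAIN = "-----BEGIN RSA PRIVATE KEY-----\nTUlJQ29uc3RydWN0ZWQ=\n-----END RSA PRIVATE KEY-----\n"
SAMPLE_PEM_ENC = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                  "DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\n"
                  "TUlJQ29uc3RydWN0ZWQ=\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for text in (SAMPLE_PEM_PLAIN, SAMPLE_PEM_ENC, sample_openssh(b"none", b"none")):
        print(key_protection(text))
```

A result whose cipher is `none` marks a key with no passphrase protection at rest, so file permissions are the only thing standing between the file and anyone who can read it.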