On Thu, May 19, 2005 at 06:13:45PM +0100, Wayne Stallwood wrote:
On Thursday 19 May 2005 4:34 pm, Chris Green wrote:
I know this creates some security holes but I'm not at all clear what they are really, can anyone elucidate? I realise that anyone with access to my work machine or my home machine will be able to login to these remote systems without knowing the password but that's not a big problem really, there is far more important and sensitive information on my desktop machines than there is on the places where I remotely login. Is this the only risk or is the encryption inherently weaker if I didn't enter a key?
The encryption is no weaker, but the public key is.
So if one of your machines gets somehow compromised and the keys get copied then the attacker can log into your remote machines without knowing any additional passwords. Essentially you have taken the something you are, something you have, something you know security model and broken it down to the point where you are only using one of those factors...this is never a great idea.
You could mitigate this potential security risk somewhat by limiting where your remote machines will accept ssh connections from, but this is only a small step in security improvement compared to having passphrase protected keys.
It's pretty much the computing equivalent of leaving a set of your car keys on your desk at all times, complete with a keyring providing your vehicle registration. Fine if you trust everybody that potentially has access to your desk.
Well I do that as well! :-)
That said, I am guilty of doing the same thing so that an automated script can rsync important docs on my laptop to the home machine. But I am very conscious of the fact that should I ever lose my laptop I'd better be getting my backside home to change the Private Key ASAP.
Yes, that's one of my reasons for doing it as well.
Thanks for the excellent explanation of what the risks are, knowing what they are is half the battle.