[sf-lug] passphrase

Tom Haddon tom at greenleaftech.net
Sat Dec 22 10:54:36 PST 2007


On Sat, 2007-12-22 at 01:36 -0800, Kristian Erik Hermansen wrote:
> On Dec 22, 2007 1:19 AM, Alex Kleider <a_kleider at yahoo.com> wrote:
> > Thank you Rick for that explanation: I had read about the
> > public/private key pairs and how that cleverly allows encryption
> > without a preliminary exchange of encryption keys but it had never
> > occurred to me about the problem of keeping the private key truly
> > private while it sits on a multiuser machine. Now I get how the pass
> > phrase fits into the picture.
> 
> Strong Authentication is a term used to describe when you have two
> forms of security access control implemented.  There are three forms:
> something you are, something you have, and something you know.  In
> this case, it would not qualify as being "strong" if you did not set a
> password, because anyone could steal your key and get in (something
> THEY have now).  If you set a password, they could also need to
> convince you to divulge that as well.  If you implement all three, say
> using biometric authentication, even better :-)

While we're on the topic, I'll mention a little utility I use called
keychain. Basically it prompts me once (at login) for my private key's
password, and then stores that for the session so when I'm logging into
multiple different servers I don't get prompted for my password each
time. Security *and* convenience. Just run the following at login:

keychain ~/.ssh/id_dsa (or whatever your path to your private key is)

Thanks, Tom
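
A check for the situation discussed in this thread, a private key left on disk without a passphrase, added here as an example and not part of the original post: it reads only the key file's header (the legacy PEM `Proc-Type` line, or the cipher name in the newer `openssh-key-v1` container), so it needs no passphrase. The function names and sample keys are constructed for illustration; the samples carry headers only, no key material.

```python
import base64
import struct
import sys

MAGIC = b"openssh-key-v1\x00"  # start of the newer OpenSSH private key container

def _ssh_string(data):
    """Encode bytes as an SSH wire string: uint32 length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def _read_string(buf, off):
    """Decode one SSH wire string at offset off; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def has_passphrase(pem_text):
    """True if the private key is stored encrypted, False if it is in the clear."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    if not lines or not (lines[0].startswith("-----BEGIN ") and "PRIVATE KEY" in lines[0]):
        raise ValueError("not a PEM private key")
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        cipher, _ = _read_string(blob, len(MAGIC))  # first field is the cipher name
        return cipher != b"none"
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
        return True  # PKCS#8 encrypted container
    # Legacy PEM (e.g. id_dsa from 2007): encryption is announced in a header line.
    return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines[1:])

def sample_openssh(cipher, kdf):
    """Constructed sample: container header only, no key material."""
    blob = MAGIC + _ssh_string(cipher) + _ssh_string(kdf) + _ssh_string(b"")
    body = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed legacy samples; "AAAA" stands in for the key body.
LEGACY_PLAIN = "-----BEGIN DSA PRIVATE KEY-----\nAAAA\n-----END DSA PRIVATE KEY-----\n"
LEGACY_ENCRYPTED = ("-----BEGIN DSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                    "DEK-Info: DES-EDE3-CBC,0000000000000000\n\nAAAA\n"
                    "-----END DSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for path in sys.argv[1:]:  # e.g. ~/.ssh/id_dsa
        with open(path) as fh:
            state = "passphrase set" if has_passphrase(fh.read()) else "NO PASSPHRASE"
        print(f"{path}: {state}")
```

Run as a script with one or more private key paths as arguments to get a per-file report.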




