
#1 2011-03-26 03:15:21

a_neutrino
Member
From: Montreal, Canada
Registered: 2010-03-14
Posts: 50

ssh secret key management

Hi,

I'm quite saavy in regards to ssh. I use ssh-agent and I ssh into my mom's and my girlfriend's boxes for doing maintenance.
Suppose that I have an account on those boxes:

* Should I create a new key pair, using the same passphrase?
-OR-
* May I safely scp my secret key to all of my account's .ssh directory? The point would be to only have to add one public key to every authorized_keys file.

Thank you,
Alexandre

P.S. the correct spelling is "savvy"

Last edited by a_neutrino (2011-03-26 16:21:01)


#2 2011-03-26 09:09:14

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,600

Re: ssh secret key management

a_neutrino wrote:

I'm quite saavy in regards to ssh

Sure about that :P  Why would you need your secret key on their machines at all?  That's the whole point of a key pair.  Use the pub key.

Last edited by graysky (2011-03-26 09:11:26)


CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs


#3 2011-03-26 16:09:43

a_neutrino
Member
From: Montreal, Canada
Registered: 2010-03-14
Posts: 50

Re: ssh secret key management

graysky wrote:

Why would you need your secret key on their machines at all?

For example, I have an account on my mother's machine. When I'm at her place, I log in and then ssh into my own box to do some work. I also have virtual machines I play around with. I also intend to buy a used laptop. If I copy the same key pair onto all the machines I control, then it's much easier to manage the authorized_keys list and ssh back and forth. I'm just looking for opinions and recommendations from people who might be in the same situation or who know better.


#4 2011-03-26 16:16:32

Ramses de Norre
Member
From: Leuven - Belgium
Registered: 2007-03-27
Posts: 1,289

Re: ssh secret key management

Why ssh into the local box instead of just su'ing?


#5 2011-03-26 16:20:41

a_neutrino
Member
From: Montreal, Canada
Registered: 2010-03-14
Posts: 50

Re: ssh secret key management

Ramses de Norre wrote:

Why ssh into the local box instead of just su'ing?

Did I say that?


#6 2011-03-26 17:05:52

Ramses de Norre
Member
From: Leuven - Belgium
Registered: 2007-03-27
Posts: 1,289

Re: ssh secret key management

a_neutrino wrote:
Ramses de Norre wrote:

Why ssh into the local box instead of just su'ing?

Did I say that?

Oh, I misread your post :)


#7 2011-03-26 20:38:53

rowdog
Member
From: East Texas
Registered: 2009-08-19
Posts: 118

Re: ssh secret key management

It's less safe than not putting your key out there but the risks should be minimal as long as you have a good passphrase. If an attacker can get your private key file they can attempt to brute force it but they will still have to defeat DSA (or whatever you use).


#8 2011-03-26 21:35:08

hexanol
Member
From: Canaduh
Registered: 2009-08-04
Posts: 95

Re: ssh secret key management

That's not totally true in the case where a machine is compromised and the passphrase you use is logged (one way or another). When this happens, there's no need to do a brute force attack on the key.

That said, you have a lot less access control if you are using a single key everywhere. And if the key gets compromised, then it's a lot more work to manage than if you had used a single key for each user/box. Also, I don't see how managing a key pair per user/box is more work than copying a private key all over the place. I mean, does it really make sense for users on your virtual machines to be able to login to your mom's computer?


#9 2011-03-27 01:14:23

a_neutrino
Member
From: Montreal, Canada
Registered: 2010-03-14
Posts: 50

Re: ssh secret key management

To summarize:

Re-using the same secret key on all boxes:
pros:
* :) adding one line to authorized_keys allows me to log in from all boxes
cons:
* :( less secure
* :( less flexible access management
* :( I get funny reactions in the forum (jk)

Creating a fresh key pair for every box:
pros:
* :) ssh-copy-id makes it easy (just discovered that command)
* :) fine-grained access management
cons:
* :/ all gone


Thank you for your input. Feel free to keep posting if you have further points, I'll keep reading.

hexanol wrote:

does it really make sense for users on your virtual machines to be able to login to your mom's computer?

No, it doesn't. My virtual machines are for my own use for learning and testing purposes. Anyways, what I really was looking for was to know what people generally did for this specific part of key management. I think what confused me was that one usually wants no more than one secret key when using GnuPG (except for sub-keys).

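A worked illustration of the access-control point made in the last few posts, added here as an example (it is not code from the thread, nor from OpenSSH): with one key pair per client box, each line of a server's authorized_keys names the machine it belongs to and can carry its own restrictions (`from=`, `command=`, `no-pty`, ...), so a lost laptop is revoked by deleting one line while every other box keeps working. The script parses and rewrites authorized_keys lines, handling the quoted options field that a naive `split()` breaks on (a comma inside `from="a,b"`, a space inside `command="..."`). The key blobs, host names and addresses are constructed placeholders, not real keys.

```python
"""Per-client-key management of an authorized_keys file.

Added example, not code from this thread or from OpenSSH. Key blobs,
host names and addresses below are constructed placeholders.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Key types sshd accepts; a line's first field is either one of these or
# a comma-separated options list (from=, command=, no-pty, ...).
KEY_TYPES = {
    "ssh-ed25519", "ssh-rsa", "ssh-dss",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
}

# Constructed sample file: one key per client box, as the thread recommends.
SAMPLE = """# constructed sample, not real keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEY0001 alexandre@laptop
from="192.0.2.10,198.51.100.0/24",no-port-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEY0002 alexandre@vm-test
command="/usr/bin/rsync --server -a . /backup",no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABEXAMPLEKEY0003 backup@mom-box
"""


@dataclass
class AuthorizedKey:
    keytype: str
    blob: str
    comment: str
    options: List[str] = field(default_factory=list)

    def has_option(self, name: str) -> bool:
        return any(o == name or o.startswith(name + "=") for o in self.options)

    def render(self) -> str:
        fields = [self.keytype, self.blob] + ([self.comment] if self.comment else [])
        if self.options:
            fields.insert(0, ",".join(self.options))
        return " ".join(fields)


def _scan(text: str, stops: str) -> int:
    """Index of the first character in `stops` that is outside double quotes."""
    in_quote, i = False, 0
    while i < len(text):
        c = text[i]
        if in_quote and c == "\\":
            i += 2                      # skip an escaped character inside quotes
            continue
        if c == '"':
            in_quote = not in_quote
        elif c in stops and not in_quote:
            return i
        i += 1
    return len(text)


def _split_options(opts: str) -> List[str]:
    """Split the options field on commas that are not inside quotes."""
    out = []
    while opts:
        cut = _scan(opts, ",")
        out.append(opts[:cut])
        opts = opts[cut + 1:]
    return out


def parse_line(line: str) -> Optional[AuthorizedKey]:
    """One authorized_keys line -> AuthorizedKey, or None for blanks/comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    cut = _scan(line, " \t")
    first = line[:cut]
    if first in KEY_TYPES:
        options, rest = [], line
    else:
        options, rest = _split_options(first), line[cut:].lstrip()
    fields = rest.split(None, 2)
    if len(fields) < 2 or fields[0] not in KEY_TYPES:
        raise ValueError(f"malformed authorized_keys line: {line!r}")
    comment = fields[2] if len(fields) == 3 else ""
    return AuthorizedKey(fields[0], fields[1], comment, options)


def parse(text: str) -> List[AuthorizedKey]:
    return [k for k in map(parse_line, text.splitlines()) if k is not None]


def unrestricted(keys: List[AuthorizedKey]) -> List[str]:
    """Comments of keys with neither from= nor command=: usable from wherever
    the private key ends up, which is exactly the thread's worry."""
    return [k.comment for k in keys
            if not (k.has_option("from") or k.has_option("command"))]


def revoke(text: str, comment: str) -> Tuple[str, int]:
    """Remove every key whose comment matches (e.g. the lost laptop), leaving
    all other lines untouched. Returns the new text and the number removed."""
    kept, removed = [], 0
    for line in text.splitlines():
        key = parse_line(line)
        if key is not None and key.comment == comment:
            removed += 1
        else:
            kept.append(line)
    return "\n".join(kept) + "\n", removed


if __name__ == "__main__":
    keys = parse(SAMPLE)
    print("keys usable from anywhere:", unrestricted(keys))
    text, n = revoke(SAMPLE, "alexandre@vm-test")
    print(f"revoked {n} key(s); remaining:")
    for k in parse(text):
        print(" ", k.render())
```

The comment field is the only thing tying a line to a box, so the habit that makes this work is passing a meaningful `-C user@hostname` to `ssh-keygen` on each machine (ssh-copy-id then carries that comment over unchanged).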

#10 2011-03-29 14:54:49

kang
Member
Registered: 2010-08-07
Posts: 83

Re: ssh secret key management

No, you should not put your private key everywhere, unless you really trust those places.

There are several possibilities, ranging from different keys, a smart card with OpenPGP (which works with SSH), a USB stick, to password access, etc.
Many of these are decent security wise and quite convenient, but none solves the bare issue:

* if the machine is compromised, someone can access your main workstation; even if it's difficult (smart card), it's possible and not inhuman either.

Yet, there is one security solution exactly made for your problem, introducing (*music*) one-time passwords.

You basically have a list of one time passwords and use the first one to connect; it will work _only once_, then be invalid. The next connection will use the next password, and so on.
You gotta keep the physical list with you, of course. If the computer is compromised, they cannot reconnect to your system (they can still use the current connection if they're very skilled, or if you have set up a master control ssh socket, for example - but at this point you probably have noticed and disconnected, and the above is pretty high level).

See man ssh and skeyinit. Use skeyinit to generate your list, make it as long as you need and print it out. Don't copy it digitally, as it would void any security of course. Don't use it without a list (i.e. connecting with the first password and generating a new one for the next time), as it's equally insecure.

Good luck!

Last edited by kang (2011-03-29 14:55:12)

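The mechanism behind the one-time password list kang describes, as an added example (not code from the thread, and not byte-compatible with OpenBSD's skeyinit): S/Key (RFC 2289) hashes seed + passphrase N times, the host keeps only the top link of the chain, the printed list holds the lower links, and each login reveals one link the host can check against what it stored but cannot reuse, since the hash cannot be run backwards. The hash-and-fold step is simplified here (SHA-1 XOR-folded to 64 bits), and the seed and passphrase are constructed values.

```python
"""S/Key-style one-time password chain (the RFC 2289 idea), simplified.

Added example, not code from this thread or from OpenBSD's skey tools:
the hash/fold step is illustrative and not byte-compatible with skeyinit.
"""
import hashlib
from typing import Dict, List, Tuple


def _step(link: bytes) -> bytes:
    """One link of the chain: hash and fold to 64 bits. RFC 2289 folds
    similarly (with MD4/MD5/SHA-1 and its own word order); this XOR fold is
    the simplified stand-in used here."""
    digest = hashlib.sha1(link).digest()
    folded = bytearray(8)
    for i, b in enumerate(digest):
        folded[i % 8] ^= b
    return bytes(folded)


def chain(passphrase: str, seed: str, count: int) -> List[bytes]:
    """[h_0, h_1, ..., h_count] with h_0 = step(seed + passphrase)."""
    links = [_step((seed + passphrase).encode())]
    for _ in range(count):
        links.append(_step(links[-1]))
    return links


class OtpServer:
    """What the host stores per user: seed, sequence number and the last
    link it accepted (initially h_count). None of it is secret: a copy of
    this state does not let anyone log in."""

    def __init__(self, seed: str, sequence: int, last: bytes):
        self.seed, self.sequence, self.last = seed, sequence, last

    def challenge(self) -> Tuple[int, str]:
        """Prompt shown at login: which entry of the printed list to type."""
        return self.sequence - 1, self.seed

    def verify(self, response: bytes) -> bool:
        """Accept h_{n-1} iff step(h_{n-1}) equals the stored h_n; on success
        store the response, so the same password can never be replayed."""
        if self.sequence <= 0 or _step(response) != self.last:
            return False
        self.last, self.sequence = response, self.sequence - 1
        return True


def enroll(passphrase: str, seed: str, count: int) -> Tuple[OtpServer, List[Tuple[int, str]]]:
    """skeyinit-style enrollment: returns the server state and the list to
    print out, as (sequence, hex password) pairs, highest sequence first."""
    links = chain(passphrase, seed, count)
    server = OtpServer(seed, count, links[count])
    printed = [(i, links[i].hex()) for i in range(count - 1, -1, -1)]
    return server, printed


def demo() -> Dict[str, object]:
    """Two good logins, one replay of a used password, one out-of-order try."""
    server, printed = enroll("correct horse battery", "ar10001", 5)  # constructed
    lookup = dict(printed)
    results: Dict[str, object] = {}
    seq, _ = server.challenge()                       # host asks for entry 4
    results["first_login"] = server.verify(bytes.fromhex(lookup[seq]))
    results["replay_of_used"] = server.verify(bytes.fromhex(lookup[seq]))
    results["skip_ahead"] = server.verify(bytes.fromhex(lookup[seq - 2]))
    seq, _ = server.challenge()                       # now asks for entry 3
    results["second_login"] = server.verify(bytes.fromhex(lookup[seq]))
    results["remaining"] = server.sequence
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The replay check is the whole point of kang's advice: a keylogger on the compromised box captures h_4, but the next login needs h_3, which only the paper list (or the passphrase, never typed on that box) can produce.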

#11 2011-03-29 17:19:11

Stebalien
Member
Registered: 2010-04-27
Posts: 1,237

Re: ssh secret key management

If you are willing to spend some time and $25 you should look into Yubikeys and yubico-pam.


Steven [ web : git ]
GPG:  327B 20CE 21EA 68CF A7748675 7C92 3221 5899 410C
Do not email: honeypot@stebalien.com

