[ILUG] Accessing home computer from outside
Niall O Broin
niall at linux.ie
Sat Dec 30 18:11:50 GMT 2006
On 30 Dec 2006, at 17:57, Timothy Murphy wrote:

> But what puzzles me is that _before_ this,
> when I "ssh <machine>" I am just asked
> "Do you want to connect to <machine>? Yes/No"
> and when I answer yes I am connected.

Yes, but you do get asked for a password?

> I admit I always give an empty pass-phrase to ssh-keygen.
> Is that a serious mistake?

It's not regarded as best practice, that's for sure. If somebody were
to acquire your private key file, they could use it to access any
machines you can access as you. Think of a pass phrase as a padlock
around your keyring.

Niall

P.S. Here's one for people to chew on - I have a user who can ssh
from his OS-X box to at least two machines we've checked without
providing his pass phrase or a password.

His key DOES have a pass phrase, and there is NO ssh agent running
(he can't then ssh on from the remote box as he could if he had used
an agent). His public key is in authorized_keys on the remote boxes.

Using ssh -v, or running a debug sshd, provides no clues - it just
looks like a login with a key.

As far as I can see, OS-X keychain doesn't provide access to ssh keys
so how the hell he's doing this is a complete mystery.
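
Added example, not part of the original post: the thread turns on whether a private key was saved with an empty pass-phrase, and this Python function answers that for a key file by reading only its armour and header, covering both the legacy PEM layout and the newer OpenSSH one. The function and constant names are chosen for this example, and the sample keys are constructed placeholders with no real key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # start of the decoded new-format key blob

def key_is_encrypted(pem_text):
    """True if the private key is passphrase-protected, False if stored in the clear."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-armoured key")
    header = lines[0]
    if "ENCRYPTED PRIVATE KEY" in header:          # PKCS#8, always encrypted
        return True
    if "OPENSSH PRIVATE KEY" in header:            # new OpenSSH format
        blob = base64.b64decode("".join(lines[1:-1]))
        off = len(MAGIC)
        if not blob.startswith(MAGIC) or len(blob) < off + 4:
            raise ValueError("malformed openssh-key-v1 blob")
        (n,) = struct.unpack(">I", blob[off:off + 4])
        # First field after the magic is the cipher name; "none" = empty passphrase.
        return blob[off + 4:off + 4 + n] != b"none"
    if header.endswith("PRIVATE KEY-----"):        # legacy PEM (RSA/DSA/EC)
        # Encrypted legacy keys carry a "Proc-Type: 4,ENCRYPTED" header line.
        return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines[1:])
    raise ValueError("unrecognised key type")

def _ssh_string(data):
    return struct.pack(">I", len(data)) + data

def _sample_openssh(cipher, kdf):
    # Constructed sample: header fields only, no key material.
    body = MAGIC + _ssh_string(cipher) + _ssh_string(kdf) + _ssh_string(b"")
    b64 = base64.b64encode(body).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed samples (placeholders, not real keys).
OPENSSH_CLEAR = _sample_openssh(b"none", b"none")
OPENSSH_LOCKED = _sample_openssh(b"aes256-ctr", b"bcrypt")
LEGACY_CLEAR = "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"
LEGACY_LOCKED = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                 "DEK-Info: DES-EDE3-CBC,0000000000000000\n\nAAAA\n"
                 "-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name in ("OPENSSH_CLEAR", "OPENSSH_LOCKED", "LEGACY_CLEAR", "LEGACY_LOCKED"):
        print(name, "encrypted" if key_is_encrypted(globals()[name]) else "NO PASSPHRASE")
```

To audit real files, pass the text of each private key under ~/.ssh to key_is_encrypted; nothing beyond the armour and header is decoded.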