On Thu, Aug 12, 2004 at 03:17:34PM -0500, Chris Frederick wrote:
> Hey gang,
> 
> I have a question about the PubkeyAuthentication methods of ssh.  I know 
> you can use PubkeyAuthentication to log into a server without a 
> password.  And you can also restrict it to require 
> PubkeyAuthentication.  But what concerns me is if I use putty to log 
> into a server from windows using my private key, and my windows machine 
> gets compromised, then whoever has my putty private key file can get 
> access to my server.  I could use a usb-key for storing the private key 
> as well, but there's still the issue of someone stealing it or it simply 
> getting lost.  Is there any way to require the PubkeyAuthentication 
> method, and after you pass that level, it still asks for a password?  
> That way if I ever find that the Windows box has been broken into, I 
> still have some level of assurance that the server is still safe (at 
> least long enough for me to regenerate and set up new keys).

Well..  Sort of..  You just encrypt your private key, which you should do
anyway.  Then, in order to ssh out of your Windows box, you'll have to
enter your pass phrase to decrypt your key.

Check out Gentoo's keychain (ported everywhere now) for keeping your
decrypted private key in memory so that you can store your key
encrypted, yet enjoy passwordless access.  I'm sure there's a similar
application for Windows.

hth, 
dan

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list
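
An added example, not part of the original thread: a small audit helper that reports whether a private key file is passphrase-protected, which is the property the reply above recommends. It goes beyond the PuTTY case in the question and also recognizes OpenSSH and PEM key files; the function names and the sample keys (headers only, no real key material) are constructed for illustration.

```python
import base64
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"

def _openssh_cipher(text):
    """Read the ciphername field from an OpenSSH new-format private key."""
    body = "".join(l for l in text.splitlines() if l and not l.startswith("-----"))
    blob = base64.b64decode(body)
    if not blob.startswith(OPENSSH_MAGIC):
        raise ValueError("not an openssh-key-v1 blob")
    off = len(OPENSSH_MAGIC)
    (n,) = struct.unpack(">I", blob[off:off + 4])   # length-prefixed string
    return blob[off + 4:off + 4 + n].decode("ascii")

def key_is_encrypted(text):
    """True/False for a recognized private key file, None if unrecognized."""
    lines = [l.strip() for l in text.strip().splitlines()]
    first = lines[0] if lines else ""
    if first.startswith("PuTTY-User-Key-File-"):     # PuTTY .ppk
        enc = [l for l in lines if l.startswith("Encryption:")]
        return enc[0].split(":", 1)[1].strip() != "none" if enc else None
    if first == "-----BEGIN OPENSSH PRIVATE KEY-----":
        return _openssh_cipher(text) != "none"
    if first == "-----BEGIN ENCRYPTED PRIVATE KEY-----":   # PKCS#8
        return True
    if first.startswith("-----BEGIN ") and first.endswith("PRIVATE KEY-----"):
        # Traditional PEM announces encryption in a Proc-Type header.
        return any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines[1:4])
    return None

def sample_openssh(cipher):  # constructed header-only blob, no key material
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = (OPENSSH_MAGIC + s(cipher) + s(b"none" if cipher == b"none" else b"bcrypt")
            + s(b"") + struct.pack(">I", 1))
    b64 = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed samples: headers only, bodies are placeholders.
SAMPLES = {
    "putty_plain.ppk": "PuTTY-User-Key-File-2: ssh-rsa\nEncryption: none\nComment: constructed\n",
    "putty_enc.ppk": "PuTTY-User-Key-File-2: ssh-rsa\nEncryption: aes256-cbc\nComment: constructed\n",
    "id_rsa_pem_enc": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,00\n\nAAAA\n-----END RSA PRIVATE KEY-----\n",
    "id_rsa_pem_plain": "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n",
    "id_ed25519_plain": sample_openssh(b"none"),
    "id_ed25519_enc": sample_openssh(b"aes256-ctr"),
}
if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:18} encrypted={key_is_encrypted(text)}")
```

Any file reported as `encrypted=False` is usable by whoever copies it, so those are the keys to re-protect with a passphrase or replace.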