passphrases [was: Re: ssh encryption strength]
foobar at u.washington.edu
Sun Feb 6 23:53:10 PST 2000
On Sun, 6 Feb 2000, William Kreuter wrote:
|Let's assume that
|ssh is otherwise all set up and there's no question about the security
|of any of the machines involved.
This last statement is loading your question. If there's no question as
to the security of either system, why would you be using ssh? =) Let's
instead be realistic and assume that ssh is properly installed and
configured on both machines and that the security on either machine is
always in question...
|My question essentially was, what additional security is provided by
|the passphrase, and how (if at all) is my security lessened by not
|setting a passphrase.
This is sort of long, but please read it. I believe it's important.
Here's how I look at it:
Consider two separate models: one in which you are computing from a
known-secure bastion host, using ssh and authenticating to remote systems
via RSA public keys; and another in which you are using ssh with RSA
authentication from a centrally managed system with security that is out
of your control and is always considered an at-risk machine.
In the first model you have control of the computer; you are diligent in
managing the security of the operating system and its overall computing
environment. If you are positive that no person could ever steal or
otherwise obtain a copy of your private ssh key (~/.ssh/identity) then it
would be conceivable to forego the use of a passphrase on your ssh key.
If a person were to steal your private key, they would have free rein
over all those systems which trust your public key to authenticate your
identity. But that won't happen because your system is tight!
In the second model you're using an account on a system which does not
have full-time management or may be behind on its operating system
patches or upgrades. Or maybe this system is yours but you do not have the
time/resources to spend on the upkeep of all the computers you manage so
you do what you can and hope to god that it's good enough. You know that
this system could be compromised and you'd never know it until it was way
too late. Since this machine is not *known* to be secure at all times,
and you know that if someone were to steal a private ssh key without a
passphrase that the account on this and other systems would be
compromised, you decide to use a passphrase with the RSA key associated
with this account. This way, the stolen private key is useless unless the
intruder also knows your passphrase.
I believe that no computer is ever secure all the time. I think that to
believe the contrary would be...well, wrong. That being the case I use
passphrases. If something needs to be automated I'll figure something out,
but my accounts which I value all have passphrases on their RSA keys.
To sum it all up, the difference between using a passphrase and not is
that you can do RSA public key authentication into any account you wish if
you have their private key and it's not protected with a passphrase. If
the key has an associated passphrase, you can't.
If you have other questions or think I've made a mistake somewhere, let me
Michael Hornung foobar at u.washington.edu
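
Added example, not part of the original post: a defender-side audit helper that reports whether a private key file was saved with a passphrase, by reading only the file header. It goes beyond the ~/.ssh/identity (protocol 1) case in the post to also cover PEM and current OpenSSH key files; the function names and the header-only sample inputs are constructed for illustration.

```python
import base64
import struct

SSH1_MAGIC = b"SSH PRIVATE KEY FILE FORMAT 1.1\n\x00"  # ~/.ssh/identity (protocol 1)
OPENSSH_MAGIC = b"openssh-key-v1\x00"                  # current OpenSSH key files


def key_protection(data: bytes) -> str:
    """Classify private-key bytes as 'encrypted', 'unencrypted' or 'unknown'."""
    if data.startswith(SSH1_MAGIC):  # next byte is the cipher type; 0 = no passphrase
        if len(data) <= len(SSH1_MAGIC):
            return "unknown"
        return "unencrypted" if data[len(SSH1_MAGIC)] == 0 else "encrypted"
    lines = [ln.strip() for ln in data.decode("ascii", "replace").splitlines() if ln.strip()]
    if not lines or not (lines[0].startswith("-----BEGIN ") and "PRIVATE KEY" in lines[0]):
        return "unknown"
    if "ENCRYPTED" in lines[0]:  # PKCS#8 "ENCRYPTED PRIVATE KEY"
        return "encrypted"
    if any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines[1:3]):
        return "encrypted"  # legacy PEM key with a passphrase
    if "OPENSSH PRIVATE KEY" in lines[0]:
        body = "".join(ln for ln in lines[1:] if not ln.startswith("-----"))
        try:
            blob = base64.b64decode(body)
        except ValueError:
            return "unknown"
        off = len(OPENSSH_MAGIC)
        if not blob.startswith(OPENSSH_MAGIC) or len(blob) < off + 4:
            return "unknown"
        (n,) = struct.unpack(">I", blob[off:off + 4])  # length of the cipher-name string
        return "unencrypted" if blob[off + 4:off + 4 + n] == b"none" else "encrypted"
    return "unencrypted"  # PEM private key with no encryption header


def constructed_samples() -> dict:  # constructed headers only, no key material
    def openssh(cipher: bytes) -> bytes:
        blob = base64.b64encode(OPENSSH_MAGIC + struct.pack(">I", len(cipher)) + cipher)
        return b"-----BEGIN OPENSSH PRIVATE KEY-----\n" + blob + b"\n-----END OPENSSH PRIVATE KEY-----\n"
    return {
        "ssh1-none": SSH1_MAGIC + b"\x00" + b"\x00" * 4,
        "ssh1-3des": SSH1_MAGIC + b"\x03" + b"\x00" * 4,
        "pem-encrypted": b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n",
        "pem-plain": b"-----BEGIN RSA PRIVATE KEY-----\nMIIB\n",
        "openssh-none": openssh(b"none"),
        "openssh-aes": openssh(b"aes256-ctr"),
    }


if __name__ == "__main__":
    print({name: key_protection(s) for name, s in constructed_samples().items()})
```

To audit real files, pass the bytes of each candidate key file to key_protection() and review every path reported as "unencrypted".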