passphrases [was: Re: ssh encryption strength]

A. Racine aracine at u.washington.edu
Mon Feb 7 01:33:35 PST 2000


# |Let's assume that
# |ssh is otherwise all set up and there's no question about the security
# |of any of the machines involved.
# 
# This last statement is loading your question.  If there's no question as
# to the security of either system, why would you be using ssh?  =)  

Because systems on the network other than the two involved in the
connection may be sniffing the network.

# Consider two separate models: one in which you are computing from a
# known-secure bastion host, using ssh and authenticating to remote systems
# via RSA public keys; and another in which you are using ssh with RSA
# authentication from a centrally managed system with security that is out
# of your control and is always considered an at-risk machine.
[snip]
# Since this machine is not *known* to be secure at all times, and you
# know that if someone were to steal a private ssh key without a
# passphrase that the account on this and other systems would be
# compromised, you decide to use a passphrase with the RSA key
# associated with this account.  This way, the stolen private key is
# useless unless the intruder also knows your passphrase.

If the system had been compromised, the intruder could have stolen each
user's key and put a trojan ssh in place that would record each
destination host, username, and password/passphrase that was entered.  It
wouldn't matter whether or not you used a passphrase in that case.  Your
other accounts could still be compromised.

I'd say that passphrases are more to protect the remainder of your
accounts in the event that one of your accounts is compromised.  If a
system you ssh from is compromised, I wouldn't trust that your other
accounts are safe simply because you use a passphrase.  In either case,
you should remove the potentially compromised key from all authorized_keys
files in all accounts you own and generate a new key (from a known-secure
box - you don't need a trojaned ssh-keygen recording your new passphrase).


Aaron

There is no greater sorrow than to recall, in misery, the time when we
were happy.
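The remediation the reply recommends, purging a possibly stolen key from authorized_keys before installing a fresh one, as an added example that is not part of the post or the thread (the key blobs and account names are constructed placeholders):

```python
# Added example, not from the original post: purge a possibly stolen public
# key from authorized_keys content, the step the reply recommends after a box
# you ssh from may have been trojaned. Lines are matched on (key type, blob),
# so a changed comment or an options prefix cannot hide the old key.
import shlex

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def parse_authorized_line(line):
    """Return (keytype, blob) for a key line, None for blanks and comments."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    try:
        # shlex keeps quoted option values such as command="a b" as one token
        tokens = shlex.split(stripped)
    except ValueError:
        return None  # unbalanced quotes: not a key we can match, keep it
    for i, tok in enumerate(tokens):
        if tok in KEY_TYPES and i + 1 < len(tokens):
            return tok, tokens[i + 1]
    return None

def revoke_key(authorized_keys_text, compromised_pubkey):
    """Drop every line carrying compromised_pubkey; return (text, removed)."""
    target = parse_authorized_line(compromised_pubkey)
    if target is None:
        raise ValueError("compromised key is not a parsable public key line")
    kept, removed = [], 0
    for line in authorized_keys_text.splitlines():
        if parse_authorized_line(line) == target:
            removed += 1
        else:
            kept.append(line)
    return "".join(l + "\n" for l in kept), removed

# Constructed sample: the blobs are placeholders, not real key material.
OLD_KEY = "ssh-rsa AAAAB3CONSTRUCTEDOLDKEY= aaron@atrisk-box"
SAMPLE_AUTHORIZED_KEYS = (
    "# keys for this account\n"
    "ssh-rsa AAAAB3CONSTRUCTEDOLDKEY= aaron@atrisk-box\n"
    'command="/usr/bin/rsync --server",no-pty ssh-rsa AAAAB3CONSTRUCTEDOLDKEY= backup\n'
    "ssh-ed25519 AAAAC3CONSTRUCTEDNEWKEY= aaron@bastion\n"
)

if __name__ == "__main__":
    text, n = revoke_key(SAMPLE_AUTHORIZED_KEYS, OLD_KEY)
    print(f"removed {n} line(s); remaining:\n{text}")
```

Run it against each account's file in turn; the new key, generated on a box you trust, is appended only after the old one is gone everywhere.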