The FreeBSD Diary

The FreeBSD Diary (TM)

Providing practical examples since 1998

If you buy from Amazon USA, please support us by using this link.
[ HOME | TOPICS | INDEX | WEB RESOURCES | BOOKS | CONTRIBUTE | SEARCH | FEEDBACK | FAQ | FORUMS ]

Things look quiet here. But I've been doing a lot of blogging at dan.langille.org because I prefer WordPress now. Not all my posts there are FreeBSD related. I am in the midst of migrating The FreeBSD Diary over to WordPress (and you can read about that here). Once the migration is completed, I'll move the FreeBSD posts into the new FreeBSD Diary website.

passphrases are your friend 6 July 2000
Share
Need more help on this topic? Click here
This article has no comments
Show me similar articles
About three months ago, I wrote about How to copy files around without anyone seeing them.  In response to that article, Jeff Seely has written in about passphrases.  Thanks.

A passphrase is often associated with ssh and pgp identity keys.  In order to use the keys, you must enter your secret passphrase.  But passphrases are optional, as you can see in the above link.

Jeff Seely writes:
If you don't set a passphrase and someone manages to get their hands on the file that store your private key they can use them.  However, if you set a passphrase they can try to use them but will still need to have your passphrase for them to work properly.  Here are two excerpts from a tutorial I read that is mentioned later in this article.

To further protect your private key you should enter a passphrase to encrypt the key when it is stored in the filesystem. This will prevent people from using it even if the gain access to your files.

Always, always, type in a good pass-phrase when prompted for one. It can be multiple words (i.e. spaces are just fine within the phrase), so you could choose a sentence that you can remember. Changing some  of the words by misspelling them or by changing some of the letters into digits is highly recommended to  increase the strength of your pass phrase.

I know what you are thinking, the purpose of you trying scp in the first place was so you didn't have to enter a password (or passphrase), or store them in clear text in your scripts.  And you are right, you will be prompted for your passphrase if you set one.   But I did a little research and found a way around that.  The ssh protocol suite has two utilities for this, ssh-agent and ssh-add.  What you would do is run "ssh-agent $SHELL" and use "ssh-add" to add your public key's passphrase into memory.  I hope I am making sense, because like I said my knowledge of crypto, and ssh is not great, but I set my system up like this and it works for me.   I found a very good resource at http://csociety.ecn.purdue.edu/~sigos/projects/ssh/overview/ if you would like to check it out.

Share
Need more help on this topic? Click here
This article has no comments
Show me similar articles