Re: [Hampshire] SSH

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MAndy Smith at <-
MAndy Smith at ->

Reply to this message
Author: Leo
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] SSH
On 07/03/10 21:32, Tim Brocklehurst wrote:
> On Sunday 07 March 2010 21:21:10 Leo wrote:
>> Is having whole disk encryption good enough not to have to worry about
>> having an ssh passphrase?
>>
>> Thanks,
>> Leo
>>
>
> Disk encryption works well against physical theft. Passphrases are dependant
> on your requirements (automated access by ssh for example) and how confident
> you are about user passwords and access to user accounts (eg. outward facing
> SSH server).
>
> Essentially, they protect you in two differrent ways. So... what's the
> situation?
>
> Tim B.

Aha, perhaps I haven't fully understood ssh then.

My understanding was that a client could have a private key. Its public
key could then be put on the server it wanted to ssh into. I thought the
passphrase was to encrypt the private key on the client machine and so
prevent it being discovered if the machine was e.g. stolen. My thinking
was therefore that if the disk on which the private key is saved was
encrypted, the private key would still be reasonably secure even if it
wasn't protected by a passphrase. Is my understanding flawed/completely
wrong?

Leo


This message was posted to the following mailing lists:
Hampshire LUG
Mailing List Info | Nearby Messages		<-Re: [Hampshire] [OT] Hardware query/searchRe: [Hampshire] SSH->
Hampshire LUG Mailing List Archive administrated by WebmasterLurker (version 2.3)