[TriLUG] Remote Execution using remctl
John Vaughters via TriLUG
trilug at trilug.org
Wed Sep 2 14:37:00 EDT 2015
Agreed, Igor. I keep my keys passphrase-encrypted and use long sentences that I can remember that are never written anywhere. For key management, PuTTY on Windows has Pageant, and ssh-agent for Linux eliminates using passphrases repeatedly. I mainly use passwordless keys for automation and heavily restrict the SSH access for those keys. But the beauty of the key concept is that a person has to get that key before they can even attempt to access anything if you turn off user/password auth.
John Vaughters
On Wednesday, September 2, 2015 2:23 PM, Igor Partola <igor at igorpartola.com> wrote:
Alan,
You might want to reconsider your policy of keeping unencrypted ssh keys, even on machines you trust otherwise. I keep mine encrypted, but also run ssh-agent so that I don't have to enter my passphrase all the time. This also has the benefit of allowing me ssh-agent forwarding so I can go from home laptop to random server A to random server B, even though random server A doesn't have my ssh_id.
Another thing this lets me do is to see a notification any time my private key is used (or even pop up a confirmation dialog before allowing its use). That way I can see some rogue program is trying to get access to it.
Igor
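
An added example, not part of the thread and not written by either poster: a small Python audit that parses `authorized_keys` entries and reports keys that lack restrictions of the kind mentioned above for passwordless automation keys. Treating `command=`, `from=`, and either `restrict` or the individual `no-*` options as the required set is this example's assumption; the sample entries and key blobs are constructed placeholders.

```python
import re

# Constructed sample authorized_keys content; key blobs are placeholders.
SAMPLE = '''\
# automation keys
ssh-ed25519 AAAAC3PLACEHOLDER1 backup@cron
restrict,from="192.0.2.10",command="/usr/local/bin/run-backup" ssh-ed25519 AAAAC3PLACEHOLDER2 backup2@cron
command="/usr/bin/rsync --server, -a . /srv",no-pty ssh-rsa AAAAB3PLACEHOLDER3 sync@cron
'''

KEY_TYPE = re.compile(r"^(ssh-|ecdsa-|sk-)")
OPT = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?')  # name or name="value"
NO_OPTS = ("no-pty", "no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding")

def split_options(line):
    """Split an entry into (options dict, 'keytype blob comment')."""
    if KEY_TYPE.match(line):              # entry has no options field
        return {}, line
    opts, pos = {}, 0
    while (m := OPT.match(line, pos)):    # quoted values may hold commas and spaces
        opts[m.group(1).lower()] = m.group(2) or ""
        pos = m.end()
        if line[pos:pos + 1] != ",":      # anything but a comma ends the options
            break
        pos += 1
    return opts, line[pos:].strip()

def audit(text):
    """Return [(line_no, key comment, [missing restrictions])] for weak entries."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        opts, rest = split_options(line)
        fields = rest.split(None, 2)
        comment = fields[2] if len(fields) == 3 else "(no comment)"
        missing = [o + "=" for o in ("command", "from") if o not in opts]
        if "restrict" not in opts:        # 'restrict' disables pty and all forwarding
            missing += [o for o in NO_OPTS if o not in opts]
        if missing:
            findings.append((n, comment, missing))
    return findings
```

Calling `audit()` on the contents of a real `authorized_keys` file returns one tuple per entry that is missing any of the assumed restrictions.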