LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-22-2006, 07:16 PM   #1
keysorsoze
Member
 
Registered: Apr 2004
Location: Queens, NY
Distribution: Red Hat, Solaris
Posts: 295

Rep: Reputation: 30
SSH Private RSA keys


Hi! I had a question regarding the SSH private key being used when you need to copy it to Windows and generate a .ppk for Putty. I have key based authentication working fine but I had a few questions. First, isn't the id_rsa file supposed to be private(kept on the machine) and not given to anyone? If so why do we copy the id_rsa off the machine instead of the id_rsa.public key to the Windows user? Also why do we need to cat id_rsa.pub into a authorized_keys file in order for the keys to work? Lastly if my .ppk file gets intercepted in the event that I lose my USB key can someone compromise my system?

Thanks.
 
Old 11-22-2006, 08:59 PM   #2
tanvir_ahmed
LQ Newbie
 
Registered: Nov 2006
Location: Canberra, Australia
Distribution: OpenBSD 4.2, Solaris 8/9, Suse, Redhat, Slackware
Posts: 7

Rep: Reputation: 0
id_rsa is the private key and for you to keep or convert to Windows .ppk. This is what you use to authenticate yourself against the server's "authorized_keys" where you cat the id_rsa.pub.

If your .ppk falls in the wrong hands and you don't have a passphrase set then yes they can log on to your system.
 
Old 11-22-2006, 09:40 PM   #3
kotnik
Member
 
Registered: Nov 2004
Location: Novi Sad, Serbia
Distribution: Debian, Slackware, Gentoo, openSuSE
Posts: 254

Rep: Reputation: 31
Encrypt your USB key! It's very unwise to wear unencrypted USB key. See encfs.
 
Old 11-22-2006, 10:25 PM   #4
Wim Sturkenboom
Senior Member
 
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Ubuntu 12.04, Antix19.3
Posts: 3,797

Rep: Reputation: 282Reputation: 282Reputation: 282
If you use a public key encryption, the 'other' party has your public key and you have your private key. In your situation, the other party is your ssh server, so that one will have the public key.

With regards to the last question:
Yes, they can. But a good passphrase will prevent that. My passphrase is about 20 characters. Assuming that there are roughly 72 characters (uppercase, lowercase, numbers and the stuff above the numbers), you have 1.4 e37 possible combinations (72^20). Assume as well that a brute force attack can do 10 e6 attacks per second (feasable with current PCs), it will take 44,447,088,893,843,884,113,135 years (can somebody please pronounce that) to hack.
Even if you only use lower case (26^20 possible combinations), it takes
63,191,745,608,858 years.

So I think that I'm reasonable safe Of course the first hit can be bingo, but it might also be the last one.
 
Old 11-22-2006, 10:44 PM   #5
keysorsoze
Member
 
Registered: Apr 2004
Location: Queens, NY
Distribution: Red Hat, Solaris
Posts: 295

Original Poster
Rep: Reputation: 30
Thanks for the reply guys and the tips. I'll take the encryption into consideration and the pass phrases. I have a better understanding of how keys work now.

Thank you.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh public/private keys lord_darkhelmet Linux - Newbie 8 10-29-2005 03:14 PM
SSH Forcing users to use RSA keys XaViaR Linux - Security 8 07-07-2005 12:42 AM
RSA Keys for SSH XaViaR Linux - General 4 07-02-2005 09:15 AM
Working with SSH and multiple private keys IgD Linux - Security 2 09-08-2003 10:07 PM
Help with SSH and public/private keys stodge Linux - Security 5 05-14-2003 01:22 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:34 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration