LinuxQuestions.org
Old 11-15-2013, 05:57 PM   #1
stateless
Member
 
Registered: Jan 2013
Distribution: Debian
Posts: 144

Rep: Reputation: 4
ssh password caching?


Hey there. I password protected an ssh private key on a system for security reasons. However, entering the password every single time is getting to be a bit annoying, and even problematic in some applications. I seem to recall hearing that Linux has some kind of short-term password caching mechanism, but I can't remember any of the details. Can I get some guidance from the gurus?
 
Old 11-16-2013, 04:10 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,953
Blog Entries: 54

Rep: Reputation: 2732
Quote:
Originally Posted by stateless
Hey there. I password protected an ssh private key on a system for security reasons. However, entering the password every single time is getting to be a bit annoying, and even problematic in some applications. I seem to recall hearing that Linux has some kind of short-term password caching mechanism, but I can't remember any of the details. Can I get some guidance from the gurus?
This will always be a trade-off. IMHO looking for a short-term password caching mechanism is choosing the easy way out. That has nothing to do with security. If a key is used by human users then there's no single other simple way than to require users to use ssh-agent. If a key is used by a non-human user then your options are limited in that you could ponder using a passphrase-less key provided you do not use the root account and limit network, user, file system access, connection options and the commands that can be run. In case of the latter it would be good to strengthen your system to ensure a proper audit trail can always be retrieved afterwards.
 
Old 11-17-2013, 08:46 PM   #3
haertig
Senior Member
 
Registered: Nov 2004
Distribution: Debian, Ubuntu, LinuxMint, Slackware, SysrescueCD
Posts: 1,974

Rep: Reputation: 289
As unSpawn mentioned, if you want a passphrase protected key, you will need an "ssh agent". In the Windows world, where many people use "putty" for their ssh client, the agent is named "pageant" and comes with the putty distribution. In the Linux world, the ssh agent is named "ssh-agent" (who would have thought?!)

Another option is to keep your private key, with no passphrase, on an external thumbdrive that you plug into your computer when ssh'ing. Then remove the thumbdrive when you're done for the day. And never lose the thumbdrive into some evil villain's hands, since your private key is unprotected. You could also encrypt the thumbdrive so that even though your private key has no passphrase, it is still protected. But if you're going to that trouble, might as well just use an ssh agent instead.

For software using the keys, I don't know of any way to do that except by using no-passphrase keys. Who knows, somebody may be able to suggest a way to do that, but I don't know a way personally.
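Added example, not part of either reply and not OpenSSH's own tooling: a small audit of authorized_keys entries for the limits unSpawn lists for a passphrase-less key used by software (source hosts via from=, the command that can run via command=, connection options via restrict or the no-* options). The sample entries, the helper path /usr/local/bin/backup-pull, the address 192.0.2.10 and the key blobs are constructed placeholders, and the option matching is deliberately simplified.

```shell
#!/bin/sh
# Simplified matching: option names are compared case-sensitively and
# quoted option values are not fully parsed.

has() { case "$1" in *"$2"*) return 0 ;; esac; return 1; }

# Reads authorized_keys lines on stdin, prints one verdict per key entry,
# returns 1 if any entry lacks a restriction.
audit_authorized_keys() {
    n=0; bad=0
    while IFS= read -r line; do
        n=$((n + 1))
        case "$line" in ''|'#'*) continue ;; esac   # skip blanks and comments
        # Options, when present, come before the key type field.
        case "$line" in
            ssh-*|ecdsa-*|sk-*) opts="" ;;
            *" ssh-"*)   opts=${line% ssh-*} ;;
            *" ecdsa-"*) opts=${line% ecdsa-*} ;;
            *" sk-"*)    opts=${line% sk-*} ;;
            *)           opts=$line ;;
        esac
        missing=""
        has "$opts" 'command="' || missing="$missing command="  # what can run
        has "$opts" 'from="'    || missing="$missing from="     # source hosts
        # "restrict" or the individual no-* options limit the connection.
        if ! has "$opts" restrict; then
            { has "$opts" no-port-forwarding && has "$opts" no-agent-forwarding \
                && has "$opts" no-pty; } || missing="$missing restrict"
        fi
        if [ -n "$missing" ]; then
            bad=$((bad + 1)); echo "line $n: missing$missing"
        else
            echo "line $n: ok"
        fi
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample file; key blobs are placeholders, not real keys.
sample_keys() {
    cat <<'EOF'
# constructed entries for the audit demo
ssh-ed25519 AAAA_PLACEHOLDER_1 backup@host
command="/usr/local/bin/backup-pull",no-port-forwarding ssh-ed25519 AAAA_PLACEHOLDER_2 cron@host
restrict,from="192.0.2.10",command="/usr/local/bin/backup-pull" ssh-ed25519 AAAA_PLACEHOLDER_3 backup@nas
EOF
}

sample_keys | audit_authorized_keys || echo "unrestricted entries found"
```

To check a real account, feed it that account's file on stdin, for example `audit_authorized_keys < ~/.ssh/authorized_keys`.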
 
  

