On Thu, Aug 12, 2004 at 03:17:34PM -0500, Chris Frederick wrote: > Hey gang, > > I have a question about the PubkeyAuthentication methods of ssh. I know > you can use PubkeyAuthentication to log into a server without a > password. And you can also restrict it to require > PubkeyAuthentication. But what concerns me is if I use putty to log > into a server from windows using my private key, and my windows machine > gets compromised, then whoever has my putty private key file can get > access to my server. I could use a usb-key for storing the private key > as well, but there's still the issue of someone stealing it or it simply > getting lost. Is there any way to require the PubkeyAuthentication > method, and after you pass that level, it still asks for a password? > That way if I ever find that the Windows box has been broken into, I > still have some level of assurance that the server is still safe (at > least long enough for me to regenerate and set up new keys). Well.. Sort of.. You just encrypt your private key, which you should do anyway. Then, in order to ssh out of your windows box, you'll ahve to enter your pass phrase to decrypt your key. Check out gentoo's keychain (ported everywhere now) for keeping your decrypted private key in memory so that you can store your key encrypted, yet enjoy passwordless access. I'm sure there's a similar application for windows. hth, dan _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota Help beta test TCLUG's potential new home: http://plone.mn-linux.org Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list