The pitfalls of using ssh-agent, or how to use an agent safely

In a previous article we talked about how to use ssh keys and an ssh agent. Unfortunately for you, we promised a follow up to talk about the security implications of using ...

If you are the impatient kind of reader, here are a few rules of thumb you should ...

Never ever copy your private keys on a computer somebody else has root on. If you do, you just shared your keys with that person. If you also use that key from that computer (why would you copy it, otherwise?), ... I generally go further and only keep my private keys on my personal laptop, and start all ssh sessions from there.

Never ever run an ssh-agent on a computer somebody else has root on. Just as with the keys, I generally don't run ssh-agents anywhere but my laptop. And when I say "has root on", consider that you are both trusting that person to not abuse his privileges, and to do a good job at keeping the system safe, ...

Only forward your agent connection to machines you trust. As you will see further down in this article, forwarding an agent is equivalent to sharing your keys with anyone who managed to get root on that machine. This is not theoretical: getting access to your keys takes at most a few lines of a shell ...

Make sure your keys and your agent are unloaded when you log off your machine. If you are one of the old school guys that simply starts his agent with something ... bashrc, don't forget that every time you open a terminal you are creating a new agent ... It will remain happily hanging there forever with all your ... (the snippet of code is the one suggested on various threads, including various ...

To protect my agent forwarding, I personally follow a 5th rule: Use different keys for different purposes, and keep them in different agents.
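An added example, not part of the original article: one way to check the rule about forwarding only to trusted machines is to scan an OpenSSH client configuration for ForwardAgent settings that apply globally, to wildcard Host patterns, or inside Match blocks. The sample configuration, its host names and the function name are constructed for illustration.

```python
import re

# Constructed sample ~/.ssh/config (hypothetical hosts, not from the article).
SAMPLE_CONFIG = """\
Host bastion.example.org
    ForwardAgent yes
Host *.example.org
    ForwardAgent=yes
Match user deploy
    ForwardAgent $SSH_AUTH_SOCK
Host *
    ForwardAgent no
"""

def risky_agent_forwarding(config_text):
    """Return (line_number, scope) for every ForwardAgent setting that enables
    forwarding outside a Host block naming explicit hosts only."""
    findings = []
    scope, broad = "(global)", True   # options before any Host/Match hit every host
    for number, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts both "Keyword value" and "Keyword=value".
        m = re.match(r"(\w+)\s*(?:=\s*|\s+)(.*)$", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "host":
            scope = "Host " + value
            # Wildcards and negations can match machines you never vetted.
            broad = any(c in value for c in "*?!")
        elif key == "match":
            scope = "Match " + value
            broad = True              # criteria are not evaluated here: review by hand
        elif key == "forwardagent" and broad and value.lower() != "no":
            # Any value other than "no" (yes, a socket path, $VAR) turns forwarding on.
            findings.append((number, scope))
    return findings

if __name__ == "__main__":
    for number, scope in risky_agent_forwarding(SAMPLE_CONFIG):
        print(f"line {number}: agent forwarding enabled under '{scope}'")
```

The explicit bastion entry is not reported because it names a single host; whether that host deserves the trust is still a decision for the person holding the keys.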