Re: removing ssh access in an emergency

Mikkel L. Ellertson wrote:
Ian Malone wrote:
This occurred to me this morning:

I log into my home machine remotely using an ssh
authorised key which I keep on a USB stick.  In the
event it was lost or stolen it's pretty unlikely anyone
would use it to try to break into my machine, but
ideally you would want a remote way to disable the key.
Has anyone thought about this?

My first thought was a user account with password
authentication that instead of a login shell would run a
program which deleted the authorized_keys file in
question.  Is this open to exploitation? (other than
running the risk that someone cracks the password
and prevents me logging in)

Well, if you have a good pass phrase on the private key on the USB
stick, it will take them a while to break it and be able to use the
key. This should give you more than enough time to remove the public
key of the key pair from the authorized key file on the machines in
question. If you have either a second authorized key for that
account, or another account with a different authorized key, you can
use that to remove the first key. Just make sure that you do not
keep both private keys on the same media, or stored together in a
way that would result in someone getting both keys at the same time.
It is also a good idea to use a different pass phrase for each key.


To be honest, what I would actually do is just generate a new key
when I got home and I tend to use seemingly random long alpha-numeric
mixed case strings with punctuation as passwords.  I was wondering
if there was a neater solution than using another key.

--
imalone
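
Removing only the lost key's public half from authorized_keys, as the quoted reply suggests, sketched here as an added example that is not part of the original thread. The function name `revoke_key`, the `.bak` backup and the sample key blobs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: revoke one key from an authorized_keys file without touching
# the others. Assumption: run as the account that owns the file, from a
# session opened with a second credential.

# revoke_key PUBKEY_FILE AUTHORIZED_KEYS
# returns 0 = key removed, 1 = key was not listed, 2 = bad input
revoke_key() {
    pub=$1; auth=$2
    [ -r "$pub" ] && [ -f "$auth" ] || { echo "usage: revoke_key key.pub authorized_keys" >&2; return 2; }
    # A .pub file is "<type> <base64 blob> [comment]"; the blob identifies the key.
    blob=$(awk '$1 ~ /^(ssh-|ecdsa-|sk-)/ && NF >= 2 { print $2; exit }' "$pub")
    [ -n "$blob" ] || { echo "no public key found in $pub" >&2; return 2; }
    # Temp file in the same directory so the final mv is an atomic rename;
    # mktemp creates it mode 0600, which sshd's StrictModes accepts.
    tmp=$(mktemp "$auth.XXXXXX") || return 2
    # authorized_keys lines may begin with options (from=..., command=...), so
    # the blob is matched against every field, not only the second one.
    if awk -v blob="$blob" '
            { hit = 0; for (i = 1; i <= NF; i++) if ($i == blob) hit = 1 }
            hit { removed++; next }
            { print }
            END { exit (removed ? 0 : 1) }' "$auth" > "$tmp"
    then
        cp -p "$auth" "$auth.bak" && mv "$tmp" "$auth"
    else
        rm -f "$tmp"
        echo "key not listed in $auth; nothing changed" >&2
        return 1
    fi
}

# Constructed sample data: the blobs below are placeholders, not real keys.
demo() {
    d=$(mktemp -d) || return 2
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILOSTUSBSTICKKEY0000000000000000000000000 usb-stick' > "$d/lost.pub"
    cat > "$d/authorized_keys" <<'EOF'
from="192.0.2.0/24",no-port-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILOSTUSBSTICKKEY0000000000000000000000000 usb-stick
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAISPAREKEYKEPTELSEWHERE00000000000000000 spare
EOF
    revoke_key "$d/lost.pub" "$d/authorized_keys" && cat "$d/authorized_keys"
    rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Sessions that are already open with the revoked key stay connected; the change only affects new logins.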
