On Thu, Jan 28, 2016 at 12:42 PM, Michael Catanzaro <mcatanzaro@xxxxxxxxx> wrote:
> On Thu, 2016-01-28 at 12:30 -0700, Chris Murphy wrote:
>> I don't trust any of the web browser implementations right now.
>>
>> The private keys need to be locked (e.g. ssh-add -D) upon either a
>> suspend/hibernate, or the screen lock timer being reached.
>>
>> Maybe I'm missing something, but at the moment if I ssh@server, type
>> the key passphrase, log out of the server, forget to ssh-add -D, put
>> the laptop to sleep with sudo systemctl suspend, anyone can come up to
>> my laptop, hit a key and they get to the desktop, can ssh into the
>> server, all without a password. No lock screen after wake from
>> suspend. And no timeout or expiration for the ssh key.
>
> Why is this such a problem? They already have total control of your
> user account; I would be worried about a lot more than your private key
> at that point.... You know there is a security feature that would have
> prevented this: screen lock. :)
>
> I don't want to ever type my passphrase. I actually don't even know the
> passphrase to my SSH key. I forgot it long ago and now can't use the
> key without copying all my gnome-keyring config to each computer I want
> to use it on. Really frustrating there doesn't seem to be a way to get
> the passphrase out of gnome-keyring, even though it clearly has it
> saved somewhere.

Umm, OK I'm confused. I have a login password that is pretty much
average. But the ssh key has a different and much better passphrase.

That my laptop can be awoken from suspend, and someone can go to
Terminal and use the up arrow to get the ssh command to another system
which requires PKA, and not a single password is required, is rather
hilarious because supposedly PKA is a more secure way of doing ssh than
passphrases. Whereas in this scenario, a passphrase would actually be
more secure because the ssh key "lock" isn't expiring, and also the
user made a mistake by not issuing ssh-add -D to wipe it out.

In my particular situation I'm not that annoyed because the server
happens to be 15 feet away from the laptop. So access to one means
access to both. But conceptually I think it's a problem.

I'm not worried about the key being copied, maybe I should be. I'm
worried about something using the key without asking for the key's
passphrase. That's the whole reason why that key has a completely
separate passphrase from anything else I use. If that's pointless, then
I've got a different problem...

--
Chris Murphy
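The mitigation raised in this thread (dropping agent keys on suspend/hibernate instead of relying on a manual `ssh-add -D`), as an added example that is not part of any message above. It assumes systemd-logind, `gdbus` from GLib, and an agent that honours `ssh-add -D`; the function names are hypothetical, and it covers sleep and resume only, not the screen-lock timer.

```sh
#!/bin/sh
# Added example: remove every identity from ssh-agent around suspend/hibernate.
# Assumptions: systemd-logind on the system bus, gdbus installed, and the script
# runs inside the user session so SSH_AUTH_SOCK points at the running agent.

# Map one line of `gdbus monitor` output to an event name, left in $event.
# logind emits PrepareForSleep(true) before sleeping and PrepareForSleep(false)
# after resume.
classify_line() {
  case $1 in
    *"org.freedesktop.login1.Manager.PrepareForSleep (true,)"*)  event=pre-sleep ;;
    *"org.freedesktop.login1.Manager.PrepareForSleep (false,)"*) event=resume ;;
    *) event=none ;;
  esac
}

# Delete all identities held by the agent and record the outcome in syslog.
flush_agent() {
  if ssh-add -D >/dev/null 2>&1; then
    logger -t ssh-flush "agent identities removed ($1)"
  else
    logger -t ssh-flush "ssh-add -D failed ($1)"
  fi
}

# Flush on both edges: without a delay inhibitor the pre-sleep handler is not
# guaranteed to finish before the machine sleeps, so the resume edge closes
# that gap before anyone can reach a terminal.
watch_logind() {
  gdbus monitor --system --dest org.freedesktop.login1 \
        --object-path /org/freedesktop/login1 |
  while IFS= read -r line; do
    classify_line "$line"
    [ "$event" = none ] || flush_agent "$event"
  done
}

# Start the watcher only when asked, so the functions can be sourced on their own.
if [ "${1:-}" = "--watch" ]; then
  watch_logind
fi
```

Loading the key with `ssh-add -t <seconds>` additionally gives it a lifetime in the agent, which addresses the "no timeout or expiration" point independently of this watcher.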