Nick Holland <n...@holland-consulting.net> wrote:
> Now, I suspect (nb: I am not a cryptographer or SSH coder. But I sat at
> a table with one once, and was completely in awe) the key has to be held
> in unlocked form in RAM, so perhaps a very serious breach that allowed
> the raw access of system RAM might produce it...but would also produce a
> lot of other nifty things, and by that point, your system is so
> completely compromised, not much is trustworthy anymore.
>
> Nick.
I have actually seen step-by-step instructions for doing just that, but I don't have the link around. You essentially need root permissions for pulling that off. ssh-agent prevents an intruder from stealing the key material in any useful form, but it does not prevent him from using the material that is already kept by the agent - if he is able to send a query to your agent, he will be able to use the keys even if he does not get to see them. I encrypt my key materials even when I am using PFDE; I just don't think the agent is something it is not.

-- 
OpenPGP Key Fingerprint: BB5A C2A2 2CAD ACB7 D50D C081 1DB9 6FC4 5AB7 92FA
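The query the reply describes, as an added example that is not part of this thread: a minimal Python client for the ssh-agent socket protocol that asks a running agent for its loaded identities. The agent answers with public key blobs and comments only, which is why private material cannot be pulled over the socket, while the same socket also accepts sign requests from whoever can open it. Function names are the example's own; the sample identity in the test is constructed.

```python
import os, socket, struct

# Message numbers from the ssh-agent protocol (draft-miller-ssh-agent).
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12

def ssh_string(b: bytes) -> bytes:
    """uint32-length-prefixed 'string' as used throughout the protocol."""
    return struct.pack(">I", len(b)) + b

def frame(body: bytes) -> bytes:
    """Wrap a message body in the uint32 length prefix used on the wire."""
    return struct.pack(">I", len(body)) + body

def build_request_identities() -> bytes:
    """Client -> agent: the request any process that can open the socket can send."""
    return frame(bytes([SSH_AGENTC_REQUEST_IDENTITIES]))

def parse_identities_answer(msg: bytes):
    """Parse a framed IDENTITIES_ANSWER into [(public_blob, comment), ...]."""
    (length,) = struct.unpack_from(">I", msg, 0)
    body = msg[4:4 + length]
    if len(body) != length or not body or body[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise ValueError("not a well-formed identities answer")
    (count,) = struct.unpack_from(">I", body, 1)
    off, out = 5, []
    for _ in range(count):
        fields = []
        for _ in range(2):  # public key blob, then comment
            (n,) = struct.unpack_from(">I", body, off)
            fields.append(body[off + 4:off + 4 + n])
            off += 4 + n
        out.append((fields[0], fields[1].decode("utf-8", "replace")))
    return out

def list_agent_keys(sock_path=None):
    """Query a live agent over SSH_AUTH_SOCK. Only public halves come back; the
    private keys never leave the agent, yet the same socket also takes sign requests."""
    path = sock_path or os.environ["SSH_AUTH_SOCK"]
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(path)
        s.sendall(build_request_identities())
        data = s.recv(4)
        (length,) = struct.unpack(">I", data)
        while len(data) < 4 + length:
            data += s.recv(4 + length - len(data))
    return parse_identities_answer(data)
```

Running `list_agent_keys()` against your own agent returns the same entries `ssh-add -l` reports; the socket's file permissions and the agent's per-key confirmation option are what stand between that socket and other local users.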