Re: SSH key encryption when using FDE

2016-08-03 Thread Predrag Punosevac
Stuart Henderson wrote: > On 2016-08-03, Hugo Osvaldo Barrera wrote: > > Doesn't the fact that ssh-agent is running somehow make the keys > > accessible anyway? > > If it's running and you haven't told it to forget the keys one > way or another: yes. > > Some screen lockers allow you to run ano

Re: SSH key encryption when using FDE

2016-08-03 Thread Rubén Llorente
Nick Holland wrote: > Now, I suspect (nb: I am not a cryptographer or SSH coder. But I sat at > a table with one once, and was completely in awe) the key has to be held > in unlocked form in RAM, so perhaps a very serious breach that allowed > the raw access of system RAM might produce it...but wo

Re: SSH key encryption when using FDE

2016-08-03 Thread Stuart Henderson
On 2016-08-03, Hugo Osvaldo Barrera wrote: > Doesn't the fact that ssh-agent is running somehow make the keys > accessible anyway? If it's running and you haven't told it to forget the keys one way or another: yes. Some screen lockers allow you to run another program; one thing you can do is run

Re: SSH key encryption when using FDE

2016-08-03 Thread Nick Holland
On 08/02/16 21:02, Hugo Osvaldo Barrera wrote: > On Tue, Aug 2, 2016, at 22:01, Nick Holland wrote: >> On 08/02/16 01:48, Remi Locherer wrote: ... >> > I still makes sense to encrypt your ssh keys. Think of a bug in a >> > browser >> > that allows a server reading your files. >> >> right. >> >> Dis

Re: SSH key encryption when using FDE

2016-08-02 Thread Hugo Osvaldo Barrera
On Tue, Aug 2, 2016, at 22:01, Nick Holland wrote: > On 08/02/16 01:48, Remi Locherer wrote: > > On Mon, Aug 01, 2016 at 07:10:21PM -0300, Hugo Osvaldo Barrera > > wrote: > >> Hi, > >> > >> I've always used password-protected ssh keys, with ssh-agent, > >> and in > >> recent year, I've been using f

Re: SSH key encryption when using FDE

2016-08-02 Thread Nick Holland
On 08/02/16 01:48, Remi Locherer wrote: > On Mon, Aug 01, 2016 at 07:10:21PM -0300, Hugo Osvaldo Barrera wrote: >> Hi, >> >> I've always used password-protected ssh keys, with ssh-agent, and in >> recent year, I've been using full disk encryption as well. >> I'm wondering if there's some redundanc

Re: SSH key encryption when using FDE

2016-08-01 Thread Remi Locherer
On Mon, Aug 01, 2016 at 07:10:21PM -0300, Hugo Osvaldo Barrera wrote: > Hi, > > I've always used password-protected ssh keys, with ssh-agent, and in > recent year, I've been using full disk encryption as well. > I'm wondering if there's some redundancy here, and if using FDE > nullifies the need f

SSH key encryption when using FDE

2016-08-01 Thread Hugo Osvaldo Barrera
Hi, I've always used password-protected ssh keys, with ssh-agent, and in recent year, I've been using full disk encryption as well. I'm wondering if there's some redundancy here, and if using FDE nullifies the need for password-protecting the keys, or if there's some attack vector I'm no consideri