2

I am worried about the security implications of using ~/.ssh/config. If somebody steals my home computer and looks in my ~/.ssh/config file, they would immediately know which other computers I'm using and how to connect to them, what user names and keys to use, etc. How can I reduce this risk?

I've been using ~/.ssh/config to make it easier to ssh to various hosts that I use from home and also to provide host aliases. The username, hostname, identity file, etc. are all specified in ~/.ssh/config.

I have started using passphrases in my ssh keys. The ssh-agent and/or keyring make this easy, but passphrases and my easy-to-type login password can be broken, can't they?

2
  • 2
    The same info would likely be in your ~/.bash_history as well. As Mark said below, passphrase-protect your private key and then just make sure to remove your public keys in the event of theft or compromise. Commented Jul 14, 2011 at 19:25
  • The .bash_history comment above answers my question. Incidentally, I'm also noting that ~/.mysql_history may have several plaintext passwords even if they are not stored in the database as plaintext! Commented Jul 15, 2011 at 11:31

2 Answers

5

Hopefully, actually, your passphrase CAN'T reliably be broken in less time than it takes you to get to the other computers and change their keys after discovering your computer was stolen.

That, really, is all authentication encryption is about; slowing the attacker down to the point where it is unfeasible for them to accomplish the attack before you can react.
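An added example, not part of the original answers: reacting in time means knowing where the stolen key is trusted, so this Python sketch turns an ssh config into a checklist of hosts, accounts and key files whose public keys would need removing. The sample config (hosts, users, key paths) is constructed, the function names are hypothetical, and Match blocks are ignored as a simplification.

```python
import fnmatch
import re
import shlex

# Constructed sample config: hosts, users and key paths are hypothetical.
SAMPLE_CONFIG = """\
Host build
    HostName build.example.com
    User alice
    IdentityFile ~/.ssh/id_work
Host db db-replica
    HostName=10.0.0.5
    IdentityFile ~/.ssh/id_db
Host *
    User defaultuser
    IdentityFile ~/.ssh/id_ed25519
"""

def parse_blocks(text):
    """Return [(host_patterns, [(keyword, value), ...]), ...] in file order."""
    blocks = [(["*"], [])]  # options above the first Host line apply to every host
    for raw in text.splitlines():
        m = re.match(r"([A-Za-z]+)(?:\s*=\s*|\s+)(.*)", raw.strip())
        if not m:
            continue  # blank line or comment
        key, tokens = m.group(1).lower(), shlex.split(m.group(2))
        if key in ("host", "match"):  # simplification: Match blocks apply to no alias
            blocks.append((tokens if key == "host" else [], []))
        elif tokens:
            blocks[-1][1].append((key, tokens[0]))
    return blocks

def matches(alias, patterns):
    """A block applies if a positive pattern matches and no negated (!) one does."""
    hit = lambda p: fnmatch.fnmatchcase(alias, p.lstrip("!"))
    negated = any(hit(p) for p in patterns if p.startswith("!"))
    return not negated and any(hit(p) for p in patterns if not p.startswith("!"))

def revocation_checklist(text):
    """Yield one row per concrete alias: real host, login user, key files offered."""
    blocks = parse_blocks(text)
    for alias in (p for pats, _ in blocks for p in pats if not set(p) & set("*?!")):
        opts = [kv for pats, kvs in blocks if matches(alias, pats) for kv in kvs]
        pick = lambda k: next((v for key, v in opts if key == k), None)  # first value wins
        yield {"alias": alias, "host": pick("hostname") or alias, "user": pick("user"),
               "keys": [v for key, v in opts if key == "identityfile"]}

if __name__ == "__main__":
    for row in revocation_checklist(SAMPLE_CONFIG):
        print(row)
```

A `user` of `None` means no User option applied, in which case ssh falls back to the local login name.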

3

You always could use an encrypted home directory, so if your computer is stolen they will waste more time breaking the outer encryption before getting to the actual keys.
