jkinz@kinz.org wrote:
Hi Warren, Nice explanation.
Thanks!
I would like to ask what you recommend people do if they want to be able to ssh in from anywhere on the internet. Say they are going to be traveling and they know they will have to log in from machines they have no control over, like an internet cafe or a hotel's business services suite?
Much of what I have to say on this has been said by others here already, but since you asked me, I'll repeat it.
You cannot trust hardware that's been in anyone else's hands. A compromised computer can be made to do *anything*. Furthermore, technology exists to make it extremely difficult to tell whether it has been compromised. Therefore, you must carry hardware you control, and that hardware must be resistant to attack. Whether it's a hacked-up Palm III running uC Linux or a MacBook Air, you must be in control of it, top-to-bottom, if you are going to trust it with the keys it needs to get into your home from the outside. If you can't trust the hardware, don't give it the keys.
Whatever portable system you choose, the key store must be strongly encrypted, or you must use a strong password on the individual keys. Again, this is the key to your home. If the hardware gets stolen, you want those keys to be unusable. Ideally, you want stolen hardware to be virtually worthless until reformatted.
I have two portable systems that I trust enough to give them the keys to my home system.
My primary portable is a MacBook Pro with the home directory encrypted with OS X's FileVault feature. This is AES encryption, keyed with my login password, which is suitably strong. Since my entire home directory is encrypted, I don't bother to use passwords on the ssh keys I keep on that system. (I also use secure virtual memory on this system, for what that's worth.)
The other portable is a little Asus Eee 701, reformatted to run Ubuntu Eee. (Since renamed Easy Peasy...wince...) I haven't yet got it doing full disk encryption, so I password-protect its ssh key.