Jeff Kinz wrote:
If your ssh keys are in a file on a remote server, does that mean anyone who has root on that system can use them to gain access to ssh into your home system?
It depends. There are two types of keys..public and private keys. Obviously, you only need to upload the public key to the server you want to login (as authorized_keys with OpenSSH). The private key should be password protected (i.e. NO BLANK PASSWORDS dsa/rsa keys).
If someone has root on a server where the private key is located, they can see the key. But after seeing the key, they need to know the IP/FQDN of the remote SSH server "AND" know the password of the private key (which is why having a pass-"phrase" is a better idea than pass-"word").
Not only that, but newer versions of SSH allow you to encrypt your known_hosts file. From Damien Miller's Post:
Added the ability to store hostnames added to ~/.ssh/known_hosts in a hashed format. This is a privacy feature that prevents a local attacker from learning other hosts that a user has accounts on from their known_hosts file.
So instead of hostnames being stored in plain text like:
yourhost.example.com ssh-rsa
AAAB3NzaC1yc2EAAAABIwAAAIEAp832eeMwYH…
They are hashed first, so they don’t reveal the hostname. E.g.:
|1|bRGYyrC+bfKZGGd5GZH4wo1AnsI=|xcQ+54QNVwQ+fBCldn0= ssh-rsa
AAA…
We added at the request of some MIT researchers who found that a substantial number of user private keys on shared systems are not encrypted (a really dumb thing to do, BTW). This lack of user care, coupled with the information in the known_hosts files, allowed attackers to spread their attacks to multiple systems.
Right now this is disabled by default, but administrators of sites with lazy users can turn it on with the HashKnownHosts config flag.
If you do this, you should probably also hash your existing known_hosts file (ssh-keygen -H).
Warm Regards,
-- Bruno Delbono Open-Systems Group http://www.open-systems.org/users/bruno/