I have a laptop running Linux encrypted using dmcrypt. To use git, I just created an SSH key, but did not password-protect it. Since my hard drive is already encrypted, is there any benefit to password-protecting my SSH key?
-
3Possible duplicate of [Realistically, how much added security does having a passphrase on a ssh key have?](http://security.stackexchange.com/questions/82291/realistically-how-much-added-security-does-having-a-passphrase-on-a-ssh-key-hav) – techraf Jul 27 '16 at 23:39
2 Answers
Yes.
File-system and hard-drive encryption are security controls which defend against a specific threat, in this case it usually protects the data when the system is physically taken.
When attackers access a system while it's running via something like a vulnerable web application or through some other method they are effectively accessing the filesystems locally with user permissions of what ever application they compromised or in some rare cases they take over the kernel. When this happens the controls which keep the filesystem or disk encryption are effectively bypassed and the "user" can grab whatever files he or she has access to via the compromised account. Likewise there are many other flaws which allow attackers into systems but the point is that the two security controls you mentioned protect from different attack vectors and are both important to create a Defense in Depth strategy.
The security control of the password-protecting your SSH key is still valid and does offer additional protection that the file-system or disk-encryption by itself does not offer especially in the case of an attacker who has access to your system remotely. In this scenario the attacker would take or use a copy of your key and instantly have access to your Git account.
- 14,099
- 6
- 43
- 49
Hard drive encryption only is really secure when your computer is turned off.
It is no replacement for any password.
About the password, however:
A password used to encrypt the SSH key locally can be brute-forced if someone gets the key, without any limitations how fast the attacker can try. It's not very helpful if your key gets stolen anyways.
Not sure if and how this is possible with GIT, but in case of a SSH key for server login, requiring the user account password on serverside instead is much more secure, because there things like fail2ban etc. can be used.
Clarification: I do not suggest to use the server-side password instead of the key. I suggest using both. And yes, this is possible with a AuthenticationMethods publickey,password
in sshd_config. See http://man.openbsd.org/sshd_config . What I'm calling insecure is the optional client-side PW which is never sent to the server, just used to read the key.
- 3,854
- 21
- 22
-
@techraf Then please tell me why., because even in your own link, poeple are saying the same. Just in case you're not aware of it, google eg. "openssh AuthenticationMethods". And yes, with a key, there are two possible passwords, which can be used both, or either one, or none ... (Just for a test, I did try it on my own keys a while ago, cracking the client-side PW was pretty easy) – deviantfan Jul 27 '16 at 23:53
-
@techraf Btw., you did quote me wrong. I did *not* say that the serverside PW replaces the key, but the client-side PW. Before you downvote and leave unhelpful comments, please read properly. – deviantfan Jul 28 '16 at 00:00
-
@techraf `I did quote you literally` I can't find your [...] in my post, and you filled it in wrong. `If you think that password-based SSH does not replace the key-based authentication by the very fact of using it` I don't even know what that should mean, but again: Key AND server-side password. – deviantfan Jul 28 '16 at 00:07
-
@techraf Ok, now you did prove that you have no idea what you're talking about. Repeat: `google eg. "openssh AuthenticationMethods"`. If you're doubting that it (key ownership AND knowledge of something independent) is more secure (than ownership alone), feel free to open a new question. – deviantfan Jul 28 '16 at 00:10
-
`If public-key authentication fails, it will go to password authentication.` I don't mean that. I mean **both always**. My config line: `AuthenticationMethods publickey,password` ... If you're not able to read the manpage with the full explanation, just stop. – deviantfan Jul 28 '16 at 00:19
-
@techraf My arrogance? Right back at you. I'm done here. Please learn reading what I repeated about 5 times here. `Your config file ... not relevant here.` Now, because you're proven wrong. Sigh... – deviantfan Jul 28 '16 at 00:32
-
@techraf Are you still spouting this nonsense? Just try it, it works perfectly. Please stop spamming my answer. **Bye** – deviantfan Jul 28 '16 at 00:46
-
Note: the option to require both pw&key (or in general more than one client method) is only in OpenSSH since 6.2 released in 2013. Millions of pages and blogs and some SX answers predate that and were correct when written. – dave_thompson_085 Jul 28 '16 at 09:39
-
@dave_thompson_085 True, but with keywords I gave him here, together with telling him to read the manpage instead of random internet sites, techraf *should* be able to find it... (instead, trollish behaviour.) – deviantfan Jul 28 '16 at 11:41
-
Ok, I apologise. I understood, what you meant. If you control the git server, that makes sense. I think I likened Git to Github/Bitbucket and was indeed looking only for information confirming it cannot be done. – techraf Jul 28 '16 at 19:39