0
I would like some security/cygwin advice concerning SSH keys. It would be nice to not have a passphrase on some keys which are frequently used to access git repositories. However, in my work environment, I am required to work on a remote server using remote desktop, and I use Cygwin to get a Unix-like terminal. Cygwin is installed on a local disk on this server, and a few other people can access it. Although we can consider these other people trustworthy, I prefer good habits concerning security, and as such would not put my un-protected private keys there.
However, I do have a private network disk that is mine only, and consider putting the keys there. Then two questions arise: 1. Is this sufficiently secure? Of course the IT admins can access it, but they can also access the servers I'm logging into with the keys in the first place. 2. How do I get Cygwin to read them? If I make a symlink to this area I am not allowed to set the permission flags correctly, since it is outside of Cygwin's own folder/file system.
It would not surprise me if the conclusion is that I should just use a passphrase.
sigvaldm
Posted 2019-10-17T08:26:19.433
Reputation: 101
1
I personally always recommend protecting SSH keys with a complex passphrase, as it's the only way to ensure the key cannot be compromised if someone else gains access to it. Have you considered simply using a single SSH key stored on a hardware security module (like a YubiKey)? There's little protection that comes from using a multitude of keys versus using a single key stored on a hardware security module.
– JW0914 – 2019-10-17T10:01:02.140