Putting the "S" Back Into SSH
[WARNING: There are couple of security issues with SSHKeychain that you should be aware of. Please see my next post for details.]
SSH, short for secure shell, is a set of tools (ssh
and scp
on Unix derivatives) to securely access and copy files to remote machines. So often I see tutorials, like this or this, on how to setup SSH to work with no password. However, these tutorials often advise using a key pair without a passphrase protecting the private key. Yeah, okay, you can now get into remote machines without typing a password, but so can someone else if they get access to your account. Leaving your private key unprotected without a passphrase is like not having a PIN on your ATM card. It’s just asking for trouble.
You may scoff at my paranoia, but the famous Internet Worm back in 1988 exploited a similar weakness in the then-popular RSH (remote shell) set of commands (rsh
, rcp
, etc.). It used the password-less mode of RSH as one if its methods to spread itself to other machines and effectively bring down the Internet. As SSH was written as a secure replacement to RSH, in part to avoid repeat problems like the Internet Worm, I believe private keys should be protected with a passphrase under nearly all circumstances.
Okay, so I understand that you don’t want to enter your passphrase every time you login or copy files. The solution (at least on Unix derivatives, including Mac OS X) is to use ssh-agent
. It gives you SSH access without a password, but is still very secure.
ssh-agent
is a background daemon that holds the private keys in memory for you and automatically uses them to authenticate to remote machines when you try and login. The typical workflow is that once ssh-agent
is started, you add your private key to the agent using ssh-add
. This requires your passphrase to decrypt your private key, but then the agent keeps the private key in memory for future use. This means you enter your passphrase only once when the key is added, and you can use ssh
without a password or passphrase from then on. It’s more secure because the private key is unencrypted in memory only. It’s still encrypted on disk.
The only issue with ssh-agent
is that it’s traditionally a bit tricky to setup. When I last used Linux for my desktop OS (Red Hat 9 was all the rage to give you an idea of when that was), you’d have to jump through some hoops to get it all working. In the end, you were prompted for your passphrase once at login time, but you could use ssh
without a password from then on. While a huge improvement over typing my passphrase every time, I did find the dialog box at login to be a bit of a pain. It was especially annoying if I was rebooting or logging out and logging in to try test something. I hope it’s gotten easier, but as I haven’t used desktop Linux in a while, I’m not sure how it’s progressed.
Fortunately, if you’re on Mac OS X, there’s a fantastic open source application called SSHKeychain that makes using ssh-agent
really easy. It takes the ingenious approach of acting as a proxy for the real ssh-agent
. This simplifies a lot of the setup and allows it to do some really cool features that I don’t think SSH agents on other platforms can do. The main feature is that it only prompts you for your passphrase when you actually try and use ssh/scp
for the first time. No more annoying dialog box every time I login. If I don’t happen to use SSH, I don’t have to type my passphrase. Peachy.
But wait, there’s more! SSHKeychain hooks into system events and can remove your private key automatically. For example, it can remove the key when the screensaver kicks in or when you put your machine to sleep. These are really great features for laptop users or people who don’t trust their coworkers. Its security settings are fairly customizable, though, so I’m sure you can find settings to match your level of paranoia.
Finally, you can store your passphrase in your Apple Keychain if you like. I’m too paranoid for that, but it’s a nice touch. You’re better off storing your passphrase in the Keychain rather than using no passphrase at all.
Oh, and while I’m nitpicking other people’s tutorials (it’s nothing personal guys), I usually recommend using RSA instead of DSA for the key pair algorithm (i.e. ssh-keygen -t rsa
). DSA used to be the preferred way, but mainly that was because RSA was covered under patents. Since the RSA patents have expired, there’s little reason not to use it. In fact, I remember reading it was more secure, and even the PuTTY people recommend RSA over DSA. But to keep security risks in perspective, you’re much better off using DSA with a passphrase, than RSA without one.
Speaking of PuTTY, if you’re on Windows and you’d like to use an SSH agent, the PuTTY equivalent of ssh-agent
is called Pageant. It’s not as slick as SSHKeychain, but it gets the job done.
For further information, consult the SSHKeychain website, read the ssh-agent(1) man page, and read the SSH with Keys HOWTO.
UPDATE: Keith Garner gives good advice on how to mitigate the risk of password-less SSH by using source IP and/or command constraints.