using gpg remotely over ssh?
Neil Williams
linux at codehelp.co.uk
Mon Nov 15 20:30:15 CET 2004
On Thursday 11 November 2004 12:20 pm, Nomen Nescio wrote:
> I know not to use gpg over telnet, but is it OK to use it remotely
> over ssh if I trust the machine I'm typing at and the machine I'm
> remotely logged in to?

The more important question is: Do you have the root password for this remote
machine? Does anyone else? Is that what you mean by trust?

It's your decision, but I wouldn't put my secret key on any remote machine. If
it's hosted on someone else's system your secret key could be available to a
third party. With the secret key in their possession, only an attack on your
passphrase protects your secret key from being compromised.

Isn't there another way of doing this? Why not decrypt and sign locally? SSH
has a complementary SCP that can copy the required files over ssh.

Just have any necessary public keys on the remote machine, encrypt and verify
signatures if you want to, then copy the files to your local machine for
decryption and back again if you are sending up signed files.

--
Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3
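
The workflow suggested in the message above, sketched as an added shell example (not part of the original post): only public keys and `gpg --verify` touch the remote machine, while decryption and signing run locally. The host name, key ID, file paths and the `DRY_RUN` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: the secret key stays on the local machine.
# REMOTE and KEYID are placeholders, not values from the post.
REMOTE="${REMOTE:-user@remote.example}"   # hypothetical remote account
KEYID="${KEYID:-0xPLACEHOLDER}"           # placeholder key ID

# Run a command, or only print it when DRY_RUN=1 (hypothetical switch).
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# One-time setup: export the PUBLIC key only and import it remotely.
push_public_key() {
    run gpg --armor --output pub.asc --export "$KEYID"
    run scp pub.asc "$REMOTE:pub.asc"
    run ssh "$REMOTE" gpg --import pub.asc
}

# Copy an encrypted file down and decrypt it locally.
# $1 = remote path ending in .gpg (no spaces, as ssh/scp re-split arguments)
fetch_and_decrypt() {
    name=$(basename "$1")
    run scp "$REMOTE:$1" "./$name"
    run gpg --output "${name%.gpg}" --decrypt "./$name"
}

# Sign locally, upload file plus detached signature, verify remotely.
# $1 = local file, $2 = remote directory
sign_and_upload() {
    name=$(basename "$1")
    run gpg --armor --detach-sign "$1"        # writes "$1.asc"
    run scp "$1" "$1.asc" "$REMOTE:$2/"
    # Verification needs only the public key imported by push_public_key.
    run ssh "$REMOTE" gpg --verify "$2/$name.asc" "$2/$name"
}
```

Setting `DRY_RUN=1` prints each command instead of running it, which makes it easy to confirm that no step sent to the remote side requires the secret key.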
More information about the Gnupg-users mailing list