using gpg remotely over ssh?

Neil Williams linux at codehelp.co.uk
Mon Nov 15 20:30:15 CET 2004


On Thursday 11 November 2004 12:20 pm, Nomen Nescio wrote:
> I know not to use gpg over telnet, but is it OK to use it remotely
> over ssh if I trust the machine I'm typing at and the machine I'm
> remotely logged in to?

The more important question is: Do you have the root password for this remote 
machine? Does anyone else? Is that what you mean by trust?

It's your decision, but I wouldn't put my secret key on any remote machine. If 
it's hosted on someone else's system your secret key could be available to a 
third party. With the secret key in their possession, only an attack on your 
passphrase protects your secret key from being compromised.

Isn't there another way of doing this? Why not decrypt and sign locally? SSH 
has a complimentary SCP that can copy the required files over ssh.

Just have any necessary public keys on the remote machine, encrypt and verify 
signatures if you want to, then copy the files to your local machine for 
decryption and back again if you are sending up signed files.

-- 

Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/

http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20041115/54523f8f/attachment.bin


More information about the Gnupg-users mailing list