using gpg remotely over ssh?
CL Gilbert
Lamont_Gilbert at RigidSoftware.com
Mon Nov 15 22:35:01 CET 2004
Neil Williams wrote:
> On Thursday 11 November 2004 12:20 pm, Nomen Nescio wrote:
>
>>I know not to use gpg over telnet, but is it OK to use it remotely
>>over ssh if I trust the machine I'm typing at and the machine I'm
>>remotely logged in to?
>
Well, if the local machine is secure, and the remote machine is secure, and you
connect from one to the other using a secure shell, then you have a
secure system.
>
> The more important question is: Do you have the root password for this remote
> machine? Does anyone else? Is that what you mean by trust?
>
> It's your decision, but I wouldn't put my secret key on any remote machine. If
> it's hosted on someone else's system your secret key could be available to a
> third party. With the secret key in their possession, only an attack on your
> passphrase protects your secret key from being compromised.
>
> Isn't there another way of doing this? Why not decrypt and sign locally? SSH
> has a complementary SCP that can copy the required files over ssh.
>
Why? What advantage can be gained from doing it locally, which means he
must bring his key onto the local machine?
> Just have any necessary public keys on the remote machine, encrypt and verify
> signatures if you want to, then copy the files to your local machine for
> decryption and back again if you are sending up signed files.
>
The remote machine has all his key files today, if I understand him.
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
--
Thank you,
CL Gilbert
"Then said I, Wisdom [is] better than strength: nevertheless the poor
man's wisdom [is] despised, and his words are not heard." Ecclesiastes 9:16
GnuPG Key Fingerprint:
82A6 8893 C2A1 F64E A9AD 19AE 55B2 4CD7 80D2 0A2D
GNU Privacy Guard http://www.gnupg.org