using gpg remotely over ssh?

CL Gilbert Lamont_Gilbert at RigidSoftware.com
Mon Nov 15 22:35:01 CET 2004


Neil Williams wrote:
> On Thursday 11 November 2004 12:20 pm, Nomen Nescio wrote:
> 
>>I know not to use gpg over telnet, but is it OK to use it remotely
>>over ssh if I trust the machine I'm typing at and the machine I'm
>>remotely logged in to?
> 

Well if local machine is secure, and remote machine is secure, and you 
connect from one to the other using a secure shell, then you have a 
secure system.

> 
> The more important question is: Do you have the root password for this remote 
> machine? Does anyone else? Is that what you mean by trust?
> 
> It's your decision, but I wouldn't put my secret key on any remote machine. If 
> it's hosted on someone else's system your secret key could be available to a 
> third party. With the secret key in their possession, only an attack on your 
> passphrase protects your secret key from being compromised.
> 
> Isn't there another way of doing this? Why not decrypt and sign locally? SSH 
> has a complimentary SCP that can copy the required files over ssh.
> 

Why?  What advantage can be gained from doing it locally which means he 
must bring his key onto the local machine?

> Just have any necessary public keys on the remote machine, encrypt and verify 
> signatures if you want to, then copy the files to your local machine for 
> decryption and back again if you are sending up signed files.
> 

The remote machine has all his key files today if i understand him.


> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users


-- 
Thank you,


CL Gilbert
"Then said I, Wisdom [is] better than strength: nevertheless the poor 
man's wisdom [is] despised, and his words are not heard." Ecclesiastes 9:16

GnuPG Key Fingerprint:
82A6 8893 C2A1 F64E A9AD  19AE 55B2 4CD7 80D2 0A2D
GNU Privacy Guard http://www.gnupg.org



More information about the Gnupg-users mailing list