Is it safe to have the same ssh-passphrase as the user login-password?
Clash Royale CLAN TAG#URR8PPP
up vote
3
down vote
favorite
Is it safe to have the same passphrase for the main (and only, in my case) ssh key as the user login-password to the computer I use on daily basis? Assuming I am the only user of that computer. What are the potential security risks?
ssh security password
asked May 9 at 11:27
Martin Heralecký
407511
add a comment |Â
up vote
3
down vote
favorite
Is it safe to have the same passphrase for the main (and only, in my case) ssh key as the user login-password to the computer I use on daily basis? Assuming I am the only user of that computer. What are the potential security risks?
ssh security password
asked May 9 at 11:27
Martin Heralecký
407511
add a comment |Â
up vote
3
down vote
favorite
up vote
3
down vote
favorite
Is it safe to have the same passphrase for the main (and only, in my case) ssh key as the user login-password to the computer I use on daily basis? Assuming I am the only user of that computer. What are the potential security risks?
ssh security password
asked May 9 at 11:27
Martin Heralecký
407511
Is it safe to have the same passphrase for the main (and only, in my case) ssh key as the user login-password to the computer I use on daily basis? Assuming I am the only user of that computer. What are the potential security risks?
ssh security password
asked May 9 at 11:27
Martin Heralecký
407511
asked May 9 at 11:27
Martin Heralecký
407511
asked May 9 at 11:27
Martin Heralecký
407511
asked May 9 at 11:27
Martin Heralecký
407511
407511
add a comment |Â
add a comment |Â
4 Answers
4
active
oldest
votes
up vote
3
down vote
accepted
Generally speaking, reusing passwords is a bad idea unless you're using the same password in the same realm, i.e. among machines or services that are administered by the same group, and where people who have access to one of the machines/services generally have access to all of them.
The password on your account on machine A is used on machine A and controls access to machine A. The password on your SSH private key on machine A is used on machine A and controls access to other machines. If you use the same password on both and it is leaked, this compromises both machine A and other machines. Therefore sharing the password is a bad for security.
The password on your account on machine A is used on machine A and controls access to machine A. The password on your SSH private key on machine B is used on machine B and controls access to machine A. If you use the same password on both, then it can be leaked from either A or B. Therefore sharing the password is bad for security.
The password may also leak through backups. For example, if a backup of your home directory is compromised (or you accidentally upload your private key file to Github — you wouldn't be the first¹), the attacker has access to the key file. The OpenSSH private key file format is vulnerable to brute force attacks on the password. Since OpenSSH 6.5, there is a new format (selected with ssh-keygen -o which properly uses a slow hash, but it isn't used by default as of OpenSSH 7.7. So if an attacker gains access to your key file, there's a serious risk that they'll get the password, which lets them use the key and lets them log in without the key. Even with a slow hash, if your password is too weak, an attacker who has the key file may be able to crack it offline (i.e. limited only by how much electricity they're willing to spend).
For these reasons, you should not use the same password for an SSH key and for a user account. If you want to protect the key file but you don't want to remember a separate password, it would be better to use a non-memorable password and store it in your keyring (the Gnome keyring does use a slow hash).²
¹ I think Github now protects against directly uploading the key file.
² And do remember not to leak backups of your keyring, but that's less of a problem than with SSH in practice because people tend to back up their .ssh directory which contains configuration files such as config and authorized_keys.
answered May 9 at 20:03
Gilles
503k1189951522
I wonder that you recommend different passwords in general but then using also Gnome keyring which protects even more passwords by just one master password. BTW Gnome keyring is IMO a terrible program which has a lot unfixed of bugs and also does not support all ssh key algorithms.
– rudimeier
May 11 at 7:31
@rudimeier Gnome-keyring has many downsides, but from reading the documentation (I haven't audited the code) it protects the password database better than OpenSSH does out of the box. It is more secure if you use a different, more complex passphrase for the keyring than for logging in, but that's not the out-of-the-box configuration and is problematic for ordinary users.
– Gilles
May 11 at 20:29
add a comment |Â
up vote
1
down vote
The answer to this question really depends on your computing environment. Are you asking this question as a consumer (home) user or are you asking this question as an enterprise user (work). If you are asking in the voice of the latter then I would first recommend that your consult your system administrator and/or your corporate internal security policies. As a whole, I would say (from the prospective of a IA practitioner...the answer is always no. I would recommend using a password manager and encrypt the master list with an application such as veracrypt.
answered May 9 at 17:28
Mr. Finch
112
add a comment |Â
up vote
-1
down vote
In general, reusing passwords is a bad and unsafe idea.
You need to evaluate the risks vs. the simplicity of using the same password considering what your SSH key is used for. Do you encrypt sensitive information with it? Access remote test servers? Production servers? That's something only you can assess.
Having separate passwords means implementing defense in depth: should someone find your password and access your computer, they still won't able to use your SSH key.
answered May 9 at 12:51
dr01
15.2k114768
1
In case somebody has already access to the user's account, then it's very likely that he would find out the passphrase anyways, by spying the user when he is typing it or just using a running ssh-agent. Of course you are right about the "general message".
– rudimeier
May 9 at 13:02
I disagree about "very likely".
– dr01
May 9 at 13:06
The attacker using your account could manipulate your env, ssh client and even your shell. I don't believe that you check all that, each time before using ssh client. And there are even more ways to fish your input or unencrypted keys from memory.
– rudimeier
May 9 at 15:58
@rudimeier But that's not the only problematic scenario by far.
– Gilles
May 9 at 20:04
add a comment |Â
up vote
-1
down vote
It's common knowledge that one should always use different passwords for different purpose. However in this case I would say the risk is low, at least if ssh login via password is disabled on your workstation, so that a remote attacker cannot have any benefit of knowing your password at all.
In case you have already a local intruder (knowing your password), then he could easily setup things to spy you out to get your passphrase whenever you type it again. Many users have ssh-agent running anyways so an intruder could use it without the need for a password at all. So different passwords would not help much here but maybe could still protect you against "known non-expert" attackers, like your kids, mother in law, etc. ;)
A more interesting case would be that a remote attacker (virus) managed to execute code on your user account without knowing any password yet. It seems easier for him to spy out your key-passphrase. But would it be important for him to get the system password if he has already access? Maybe to use sudo, when it's setup like in Ubuntu by default.
Another case would be that the attacker has only access to the files /etc/shadow and/or the encrypted ssh-keys (e.g. break in to the backup server). Now in theory it's possible that either the keys or the shadow files are less secure against brute-force attacks to guess passwords. This would be an advantage for the attacker, but I guess this advantage is low.
answered May 9 at 16:41
rudimeier
5,1111331
There are other problematic scenarios, especially an attacker gaining hold of a backup of the private key file. And you didn't consider the fact that the SSH key and the password proect different systems.
– Gilles
May 9 at 20:05
@Gilles Actually I have mentioned the backup leak and I'm also aware that the password protects different systems. Though I silently assumed that ssh login via password is disabled on the machine. I will add this to my answer.
– rudimeier
May 11 at 7:20
add a comment |Â
4 Answers
4
active
oldest
votes
4 Answers
4
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
3
down vote
accepted
Generally speaking, reusing passwords is a bad idea unless you're using the same password in the same realm, i.e. among machines or services that are administered by the same group, and where people who have access to one of the machines/services generally have access to all of them.
The password on your account on machine A is used on machine A and controls access to machine A. The password on your SSH private key on machine A is used on machine A and controls access to other machines. If you use the same password on both and it is leaked, this compromises both machine A and other machines. Therefore sharing the password is a bad for security.
The password on your account on machine A is used on machine A and controls access to machine A. The password on your SSH private key on machine B is used on machine B and controls access to machine A. If you use the same password on both, then it can be leaked from either A or B. Therefore sharing the password is bad for security.
The password may also leak through backups. For example, if a backup of your home directory is compromised (or you accidentally upload your private key file to Github — you wouldn't be the first¹), the attacker has access to the key file. The OpenSSH private key file format is vulnerable to brute force attacks on the password. Since OpenSSH 6.5, there is a new format (selected with ssh-keygen -o which properly uses a slow hash, but it isn't used by default as of OpenSSH 7.7. So if an attacker gains access to your key file, there's a serious risk that they'll get the password, which lets them use the key and lets them log in without the key. Even with a slow hash, if your password is too weak, an attacker who has the key file may be able to crack it offline (i.e. limited only by how much electricity they're willing to spend).
For these reasons, you should not use the same password for an SSH key and for a user account. If you want to protect the key file but you don't want to remember a separate password, it would be better to use a non-memorable password and store it in your keyring (the Gnome keyring does use a slow hash).²
¹ I think Github now protects against directly uploading the key file.
² And do remember not to leak backups of your keyring, but that's less of a problem than with SSH in practice because people tend to back up their .ssh directory which contains configuration files such as config and authorized_keys.
answered May 9 at 20:03
Gilles
503k1189951522
I wonder that you recommend different passwords in general but then using also Gnome keyring which protects even more passwords by just one master password. BTW Gnome keyring is IMO a terrible program which has a lot unfixed of bugs and also does not support all ssh key algorithms.
– rudimeier
May 11 at 7:31
@rudimeier Gnome-keyring has many downsides, but from reading the documentation (I haven't audited the code) it protects the password database better than OpenSSH does out of the box. It is more secure if you use a different, more complex passphrase for the keyring than for logging in, but that's not the out-of-the-box configuration and is problematic for ordinary users.
– Gilles
May 11 at 20:29
add a comment |Â
up vote
3
down vote
accepted
Generally speaking, reusing passwords is a bad idea unless you're using the same password in the same realm, i.e. among machines or services that are administered by the same group, and where people who have access to one of the machines/services generally have access to all of them.
The password on your account on machine A is used on machine A and controls access to machine A. The password on your SSH private key on machine A is used on machine A and controls access to other machines. If you use the same password on both and it is leaked, this compromises both machine A and other machines. Therefore sharing the password is a bad for security.
The password on your account on machine A is used on machine A and controls access to machine A. The password on your SSH private key on machine B is used on machine B and controls access to machine A. If you use the same password on both, then it can be leaked from either A or B. Therefore sharing the password is bad for security.
The password may also leak through backups. For example, if a backup of your home directory is compromised (or you accidentally upload your private key file to Github — you wouldn't be the first¹), the attacker has access to the key file. The OpenSSH private key file format is vulnerable to brute force attacks on the password. Since OpenSSH 6.5, there is a new format (selected with ssh-keygen -o which properly uses a slow hash, but it isn't used by default as of OpenSSH 7.7. So if an attacker gains access to your key file, there's a serious risk that they'll get the password, which lets them use the key and lets them log in without the key. Even with a slow hash, if your password is too weak, an attacker who has the key file may be able to crack it offline (i.e. limited only by how much electricity they're willing to spend).
For these reasons, you should not use the same password for an SSH key and for a user account. If you want to protect the key file but you don't want to remember a separate password, it would be better to use a non-memorable password and store it in your keyring (the Gnome keyring does use a slow hash).²
¹ I think Github now protects against directly uploading the key file.
² And do remember not to leak backups of your keyring, but that's less of a problem than with SSH in practice because people tend to back up their .ssh directory which contains configuration files such as config and authorized_keys.
answered May 9 at 20:03
Gilles
503k1189951522
I wonder that you recommend different passwords in general but then using also Gnome keyring which protects even more passwords by just one master password. BTW Gnome keyring is IMO a terrible program which has a lot unfixed of bugs and also does not support all ssh key algorithms.
– rudimeier
May 11 at 7:31
@rudimeier Gnome-keyring has many downsides, but from reading the documentation (I haven't audited the code) it protects the password database better than OpenSSH does out of the box. It is more secure if you use a different, more complex passphrase for the keyring than for logging in, but that's not the out-of-the-box configuration and is problematic for ordinary users.
– Gilles
May 11 at 20:29
add a comment |Â
up vote
3
down vote
accepted
up vote
3
down vote
accepted
Generally speaking, reusing passwords is a bad idea unless you're using the same password in the same realm, i.e. among machines or services that are administered by the same group, and where people who have access to one of the machines/services generally have access to all of them.
The password on your account on machine A is used on machine A and controls access to machine A. The password on your SSH private key on machine A is used on machine A and controls access to other machines. If you use the same password on both and it is leaked, this compromises both machine A and other machines. Therefore sharing the password is a bad for security.
The password on your account on machine A is used on machine A and controls access to machine A. The password on your SSH private key on machine B is used on machine B and controls access to machine A. If you use the same password on both, then it can be leaked from either A or B. Therefore sharing the password is bad for security.
The password may also leak through backups. For example, if a backup of your home directory is compromised (or you accidentally upload your private key file to Github — you wouldn't be the first¹), the attacker has access to the key file. The OpenSSH private key file format is vulnerable to brute force attacks on the password. Since OpenSSH 6.5, there is a new format (selected with ssh-keygen -o which properly uses a slow hash, but it isn't used by default as of OpenSSH 7.7. So if an attacker gains access to your key file, there's a serious risk that they'll get the password, which lets them use the key and lets them log in without the key. Even with a slow hash, if your password is too weak, an attacker who has the key file may be able to crack it offline (i.e. limited only by how much electricity they're willing to spend).
For these reasons, you should not use the same password for an SSH key and for a user account. If you want to protect the key file but you don't want to remember a separate password, it would be better to use a non-memorable password and store it in your keyring (the Gnome keyring does use a slow hash).²
¹ I think Github now protects against directly uploading the key file.
² And do remember not to leak backups of your keyring, but that's less of a problem than with SSH in practice because people tend to back up their .ssh directory which contains configuration files such as config and authorized_keys.
answered May 9 at 20:03
Gilles
503k1189951522
Generally speaking, reusing passwords is a bad idea unless you're using the same password in the same realm, i.e. among machines or services that are administered by the same group, and where people who have access to one of the machines/services generally have access to all of them.
The password on your account on machine A is used on machine A and controls access to machine A. The password on your SSH private key on machine A is used on machine A and controls access to other machines. If you use the same password on both and it is leaked, this compromises both machine A and other machines. Therefore sharing the password is a bad for security.
The password on your account on machine A is used on machine A and controls access to machine A. The password on your SSH private key on machine B is used on machine B and controls access to machine A. If you use the same password on both, then it can be leaked from either A or B. Therefore sharing the password is bad for security.
The password may also leak through backups. For example, if a backup of your home directory is compromised (or you accidentally upload your private key file to Github — you wouldn't be the first¹), the attacker has access to the key file. The OpenSSH private key file format is vulnerable to brute force attacks on the password. Since OpenSSH 6.5, there is a new format (selected with ssh-keygen -o which properly uses a slow hash, but it isn't used by default as of OpenSSH 7.7. So if an attacker gains access to your key file, there's a serious risk that they'll get the password, which lets them use the key and lets them log in without the key. Even with a slow hash, if your password is too weak, an attacker who has the key file may be able to crack it offline (i.e. limited only by how much electricity they're willing to spend).
For these reasons, you should not use the same password for an SSH key and for a user account. If you want to protect the key file but you don't want to remember a separate password, it would be better to use a non-memorable password and store it in your keyring (the Gnome keyring does use a slow hash).²
¹ I think Github now protects against directly uploading the key file.
² And do remember not to leak backups of your keyring, but that's less of a problem than with SSH in practice because people tend to back up their .ssh directory which contains configuration files such as config and authorized_keys.
answered May 9 at 20:03
Gilles
503k1189951522
answered May 9 at 20:03
Gilles
503k1189951522
answered May 9 at 20:03
Gilles
503k1189951522
answered May 9 at 20:03
Gilles
503k1189951522
503k1189951522
I wonder that you recommend different passwords in general but then using also Gnome keyring which protects even more passwords by just one master password. BTW Gnome keyring is IMO a terrible program which has a lot unfixed of bugs and also does not support all ssh key algorithms.
– rudimeier
May 11 at 7:31
@rudimeier Gnome-keyring has many downsides, but from reading the documentation (I haven't audited the code) it protects the password database better than OpenSSH does out of the box. It is more secure if you use a different, more complex passphrase for the keyring than for logging in, but that's not the out-of-the-box configuration and is problematic for ordinary users.
– Gilles
May 11 at 20:29
add a comment |Â
I wonder that you recommend different passwords in general but then using also Gnome keyring which protects even more passwords by just one master password. BTW Gnome keyring is IMO a terrible program which has a lot unfixed of bugs and also does not support all ssh key algorithms.
– rudimeier
May 11 at 7:31
@rudimeier Gnome-keyring has many downsides, but from reading the documentation (I haven't audited the code) it protects the password database better than OpenSSH does out of the box. It is more secure if you use a different, more complex passphrase for the keyring than for logging in, but that's not the out-of-the-box configuration and is problematic for ordinary users.
– Gilles
May 11 at 20:29
I wonder that you recommend different passwords in general but then using also Gnome keyring which protects even more passwords by just one master password. BTW Gnome keyring is IMO a terrible program which has a lot unfixed of bugs and also does not support all ssh key algorithms.
– rudimeier
May 11 at 7:31
I wonder that you recommend different passwords in general but then using also Gnome keyring which protects even more passwords by just one master password. BTW Gnome keyring is IMO a terrible program which has a lot unfixed of bugs and also does not support all ssh key algorithms.
– rudimeier
May 11 at 7:31
@rudimeier Gnome-keyring has many downsides, but from reading the documentation (I haven't audited the code) it protects the password database better than OpenSSH does out of the box. It is more secure if you use a different, more complex passphrase for the keyring than for logging in, but that's not the out-of-the-box configuration and is problematic for ordinary users.
– Gilles
May 11 at 20:29
@rudimeier Gnome-keyring has many downsides, but from reading the documentation (I haven't audited the code) it protects the password database better than OpenSSH does out of the box. It is more secure if you use a different, more complex passphrase for the keyring than for logging in, but that's not the out-of-the-box configuration and is problematic for ordinary users.
– Gilles
May 11 at 20:29
add a comment |Â
up vote
1
down vote
The answer to this question really depends on your computing environment. Are you asking this question as a consumer (home) user or are you asking this question as an enterprise user (work). If you are asking in the voice of the latter then I would first recommend that your consult your system administrator and/or your corporate internal security policies. As a whole, I would say (from the prospective of a IA practitioner...the answer is always no. I would recommend using a password manager and encrypt the master list with an application such as veracrypt.
answered May 9 at 17:28
Mr. Finch
112
add a comment |Â
up vote
1
down vote
The answer to this question really depends on your computing environment. Are you asking this question as a consumer (home) user or are you asking this question as an enterprise user (work). If you are asking in the voice of the latter then I would first recommend that your consult your system administrator and/or your corporate internal security policies. As a whole, I would say (from the prospective of a IA practitioner...the answer is always no. I would recommend using a password manager and encrypt the master list with an application such as veracrypt.
answered May 9 at 17:28
Mr. Finch
112
add a comment |Â
up vote
1
down vote
up vote
1
down vote
The answer to this question really depends on your computing environment. Are you asking this question as a consumer (home) user or are you asking this question as an enterprise user (work). If you are asking in the voice of the latter then I would first recommend that your consult your system administrator and/or your corporate internal security policies. As a whole, I would say (from the prospective of a IA practitioner...the answer is always no. I would recommend using a password manager and encrypt the master list with an application such as veracrypt.
answered May 9 at 17:28
Mr. Finch
112
The answer to this question really depends on your computing environment. Are you asking this question as a consumer (home) user or are you asking this question as an enterprise user (work). If you are asking in the voice of the latter then I would first recommend that your consult your system administrator and/or your corporate internal security policies. As a whole, I would say (from the prospective of a IA practitioner...the answer is always no. I would recommend using a password manager and encrypt the master list with an application such as veracrypt.
answered May 9 at 17:28
Mr. Finch
112
answered May 9 at 17:28
Mr. Finch
112
answered May 9 at 17:28
Mr. Finch
112
answered May 9 at 17:28
Mr. Finch
112
112
add a comment |Â
add a comment |Â
up vote
-1
down vote
In general, reusing passwords is a bad and unsafe idea.
You need to evaluate the risks vs. the simplicity of using the same password considering what your SSH key is used for. Do you encrypt sensitive information with it? Access remote test servers? Production servers? That's something only you can assess.
Having separate passwords means implementing defense in depth: should someone find your password and access your computer, they still won't able to use your SSH key.
answered May 9 at 12:51
dr01
15.2k114768
1
In case somebody has already access to the user's account, then it's very likely that he would find out the passphrase anyways, by spying the user when he is typing it or just using a running ssh-agent. Of course you are right about the "general message".
– rudimeier
May 9 at 13:02
I disagree about "very likely".
– dr01
May 9 at 13:06
The attacker using your account could manipulate your env, ssh client and even your shell. I don't believe that you check all that, each time before using ssh client. And there are even more ways to fish your input or unencrypted keys from memory.
– rudimeier
May 9 at 15:58
@rudimeier But that's not the only problematic scenario by far.
– Gilles
May 9 at 20:04
add a comment |Â
up vote
-1
down vote
In general, reusing passwords is a bad and unsafe idea.
You need to evaluate the risks vs. the simplicity of using the same password considering what your SSH key is used for. Do you encrypt sensitive information with it? Access remote test servers? Production servers? That's something only you can assess.
Having separate passwords means implementing defense in depth: should someone find your password and access your computer, they still won't able to use your SSH key.
answered May 9 at 12:51
dr01
15.2k114768
1
In case somebody has already access to the user's account, then it's very likely that he would find out the passphrase anyways, by spying the user when he is typing it or just using a running ssh-agent. Of course you are right about the "general message".
– rudimeier
May 9 at 13:02
I disagree about "very likely".
– dr01
May 9 at 13:06
The attacker using your account could manipulate your env, ssh client and even your shell. I don't believe that you check all that, each time before using ssh client. And there are even more ways to fish your input or unencrypted keys from memory.
– rudimeier
May 9 at 15:58
@rudimeier But that's not the only problematic scenario by far.
– Gilles
May 9 at 20:04
add a comment |Â
up vote
-1
down vote
up vote
-1
down vote
In general, reusing passwords is a bad and unsafe idea.
You need to evaluate the risks vs. the simplicity of using the same password considering what your SSH key is used for. Do you encrypt sensitive information with it? Access remote test servers? Production servers? That's something only you can assess.
Having separate passwords means implementing defense in depth: should someone find your password and access your computer, they still won't able to use your SSH key.
answered May 9 at 12:51
dr01
15.2k114768
In general, reusing passwords is a bad and unsafe idea.
You need to evaluate the risks vs. the simplicity of using the same password considering what your SSH key is used for. Do you encrypt sensitive information with it? Access remote test servers? Production servers? That's something only you can assess.
Having separate passwords means implementing defense in depth: should someone find your password and access your computer, they still won't able to use your SSH key.
answered May 9 at 12:51
dr01
15.2k114768
answered May 9 at 12:51
dr01
15.2k114768
answered May 9 at 12:51
dr01
15.2k114768
answered May 9 at 12:51
dr01
15.2k114768
15.2k114768
1
In case somebody has already access to the user's account, then it's very likely that he would find out the passphrase anyways, by spying the user when he is typing it or just using a running ssh-agent. Of course you are right about the "general message".
– rudimeier
May 9 at 13:02
I disagree about "very likely".
– dr01
May 9 at 13:06
The attacker using your account could manipulate your env, ssh client and even your shell. I don't believe that you check all that, each time before using ssh client. And there are even more ways to fish your input or unencrypted keys from memory.
– rudimeier
May 9 at 15:58
@rudimeier But that's not the only problematic scenario by far.
– Gilles
May 9 at 20:04
add a comment |Â
1
In case somebody has already access to the user's account, then it's very likely that he would find out the passphrase anyways, by spying the user when he is typing it or just using a running ssh-agent. Of course you are right about the "general message".
– rudimeier
May 9 at 13:02
I disagree about "very likely".
– dr01
May 9 at 13:06
The attacker using your account could manipulate your env, ssh client and even your shell. I don't believe that you check all that, each time before using ssh client. And there are even more ways to fish your input or unencrypted keys from memory.
– rudimeier
May 9 at 15:58
@rudimeier But that's not the only problematic scenario by far.
– Gilles
May 9 at 20:04
1
1
In case somebody has already access to the user's account, then it's very likely that he would find out the passphrase anyways, by spying the user when he is typing it or just using a running ssh-agent. Of course you are right about the "general message".
– rudimeier
May 9 at 13:02
In case somebody has already access to the user's account, then it's very likely that he would find out the passphrase anyways, by spying the user when he is typing it or just using a running ssh-agent. Of course you are right about the "general message".
– rudimeier
May 9 at 13:02
I disagree about "very likely".
– dr01
May 9 at 13:06
I disagree about "very likely".
– dr01
May 9 at 13:06
The attacker using your account could manipulate your env, ssh client and even your shell. I don't believe that you check all that, each time before using ssh client. And there are even more ways to fish your input or unencrypted keys from memory.
– rudimeier
May 9 at 15:58
The attacker using your account could manipulate your env, ssh client and even your shell. I don't believe that you check all that, each time before using ssh client. And there are even more ways to fish your input or unencrypted keys from memory.
– rudimeier
May 9 at 15:58
@rudimeier But that's not the only problematic scenario by far.
– Gilles
May 9 at 20:04
@rudimeier But that's not the only problematic scenario by far.
– Gilles
May 9 at 20:04
add a comment |Â
up vote
-1
down vote
It's common knowledge that one should always use different passwords for different purpose. However in this case I would say the risk is low, at least if ssh login via password is disabled on your workstation, so that a remote attacker cannot have any benefit of knowing your password at all.
In case you have already a local intruder (knowing your password), then he could easily setup things to spy you out to get your passphrase whenever you type it again. Many users have ssh-agent running anyways so an intruder could use it without the need for a password at all. So different passwords would not help much here but maybe could still protect you against "known non-expert" attackers, like your kids, mother in law, etc. ;)
A more interesting case would be that a remote attacker (virus) managed to execute code on your user account without knowing any password yet. It seems easier for him to spy out your key-passphrase. But would it be important for him to get the system password if he has already access? Maybe to use sudo, when it's setup like in Ubuntu by default.
Another case would be that the attacker has only access to the files /etc/shadow and/or the encrypted ssh-keys (e.g. break in to the backup server). Now in theory it's possible that either the keys or the shadow files are less secure against brute-force attacks to guess passwords. This would be an advantage for the attacker, but I guess this advantage is low.
answered May 9 at 16:41
rudimeier
5,1111331
There are other problematic scenarios, especially an attacker gaining hold of a backup of the private key file. And you didn't consider the fact that the SSH key and the password proect different systems.
– Gilles
May 9 at 20:05
@Gilles Actually I have mentioned the backup leak and I'm also aware that the password protects different systems. Though I silently assumed that ssh login via password is disabled on the machine. I will add this to my answer.
– rudimeier
May 11 at 7:20
add a comment |Â
up vote
-1
down vote
It's common knowledge that one should always use different passwords for different purpose. However in this case I would say the risk is low, at least if ssh login via password is disabled on your workstation, so that a remote attacker cannot have any benefit of knowing your password at all.
In case you have already a local intruder (knowing your password), then he could easily setup things to spy you out to get your passphrase whenever you type it again. Many users have ssh-agent running anyways so an intruder could use it without the need for a password at all. So different passwords would not help much here but maybe could still protect you against "known non-expert" attackers, like your kids, mother in law, etc. ;)
A more interesting case would be that a remote attacker (virus) managed to execute code on your user account without knowing any password yet. It seems easier for him to spy out your key-passphrase. But would it be important for him to get the system password if he has already access? Maybe to use sudo, when it's setup like in Ubuntu by default.
Another case would be that the attacker has only access to the files /etc/shadow and/or the encrypted ssh-keys (e.g. break in to the backup server). Now in theory it's possible that either the keys or the shadow files are less secure against brute-force attacks to guess passwords. This would be an advantage for the attacker, but I guess this advantage is low.
answered May 9 at 16:41
rudimeier
5,1111331
There are other problematic scenarios, especially an attacker gaining hold of a backup of the private key file. And you didn't consider the fact that the SSH key and the password proect different systems.
– Gilles
May 9 at 20:05
@Gilles Actually I have mentioned the backup leak and I'm also aware that the password protects different systems. Though I silently assumed that ssh login via password is disabled on the machine. I will add this to my answer.
– rudimeier
May 11 at 7:20
add a comment |Â
up vote
-1
down vote
up vote
-1
down vote
It's common knowledge that one should always use different passwords for different purpose. However in this case I would say the risk is low, at least if ssh login via password is disabled on your workstation, so that a remote attacker cannot have any benefit of knowing your password at all.
In case you have already a local intruder (knowing your password), then he could easily setup things to spy you out to get your passphrase whenever you type it again. Many users have ssh-agent running anyways so an intruder could use it without the need for a password at all. So different passwords would not help much here but maybe could still protect you against "known non-expert" attackers, like your kids, mother in law, etc. ;)
A more interesting case would be that a remote attacker (virus) managed to execute code on your user account without knowing any password yet. It seems easier for him to spy out your key-passphrase. But would it be important for him to get the system password if he has already access? Maybe to use sudo, when it's setup like in Ubuntu by default.
Another case would be that the attacker has only access to the files /etc/shadow and/or the encrypted ssh-keys (e.g. break in to the backup server). Now in theory it's possible that either the keys or the shadow files are less secure against brute-force attacks to guess passwords. This would be an advantage for the attacker, but I guess this advantage is low.
answered May 9 at 16:41
rudimeier
5,1111331
It's common knowledge that one should always use different passwords for different purpose. However in this case I would say the risk is low, at least if ssh login via password is disabled on your workstation, so that a remote attacker cannot have any benefit of knowing your password at all.
In case you have already a local intruder (knowing your password), then he could easily setup things to spy you out to get your passphrase whenever you type it again. Many users have ssh-agent running anyways so an intruder could use it without the need for a password at all. So different passwords would not help much here but maybe could still protect you against "known non-expert" attackers, like your kids, mother in law, etc. ;)
A more interesting case would be that a remote attacker (virus) managed to execute code on your user account without knowing any password yet. It seems easier for him to spy out your key-passphrase. But would it be important for him to get the system password if he has already access? Maybe to use sudo, when it's setup like in Ubuntu by default.
Another case would be that the attacker has only access to the files /etc/shadow and/or the encrypted ssh-keys (e.g. break in to the backup server). Now in theory it's possible that either the keys or the shadow files are less secure against brute-force attacks to guess passwords. This would be an advantage for the attacker, but I guess this advantage is low.
answered May 9 at 16:41
rudimeier
5,1111331
edited May 11 at 7:23
answered May 9 at 16:41
rudimeier
5,1111331
answered May 9 at 16:41
rudimeier
5,1111331
answered May 9 at 16:41
rudimeier
5,1111331
5,1111331
There are other problematic scenarios, especially an attacker gaining hold of a backup of the private key file. And you didn't consider the fact that the SSH key and the password proect different systems.
– Gilles
May 9 at 20:05
@Gilles Actually I have mentioned the backup leak and I'm also aware that the password protects different systems. Though I silently assumed that ssh login via password is disabled on the machine. I will add this to my answer.
– rudimeier
May 11 at 7:20
add a comment |Â
There are other problematic scenarios, especially an attacker gaining hold of a backup of the private key file. And you didn't consider the fact that the SSH key and the password proect different systems.
– Gilles
May 9 at 20:05
@Gilles Actually I have mentioned the backup leak and I'm also aware that the password protects different systems. Though I silently assumed that ssh login via password is disabled on the machine. I will add this to my answer.
– rudimeier
May 11 at 7:20
There are other problematic scenarios, especially an attacker gaining hold of a backup of the private key file. And you didn't consider the fact that the SSH key and the password proect different systems.
– Gilles
May 9 at 20:05
There are other problematic scenarios, especially an attacker gaining hold of a backup of the private key file. And you didn't consider the fact that the SSH key and the password proect different systems.
– Gilles
May 9 at 20:05
@Gilles Actually I have mentioned the backup leak and I'm also aware that the password protects different systems. Though I silently assumed that ssh login via password is disabled on the machine. I will add this to my answer.
– rudimeier
May 11 at 7:20
@Gilles Actually I have mentioned the backup leak and I'm also aware that the password protects different systems. Though I silently assumed that ssh login via password is disabled on the machine. I will add this to my answer.
– rudimeier
May 11 at 7:20
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f442740%2fis-it-safe-to-have-the-same-ssh-passphrase-as-the-user-login-password%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
