What’s the current best practice for auth on ToolForge?
I have a passphrase on my public ssh key. I’ll be accessing toolforge from my MacBook which is protected with Apple’s Touch ID fingerprint scanner. I’ll be nailing up a tmux session.
So, most of the time, there will be an active ssh session into wfmlabs protected only by my fingerprint touch. If the ssh session goes down (i.e. reboot or network change), it’ll be a touch plus my ssh passphrase.
Is this considered an appropriate level of protection for this environment?
On Sat, Sep 30, 2017 at 9:28 AM, Roy Smith roy@panix.com wrote:
What’s the current best practice for auth on ToolForge?
I have a passphrase on my public ssh key. I’ll be accessing toolforge from my MacBook which is protected with Apple’s Touch ID fingerprint scanner. I’ll be nailing up a tmux session.
So, most of the time, there will be an active ssh session into wfmlabs protected only by my fingerprint touch. If the ssh session goes down (i.e. reboot or network change), it’ll be a touch plus my ssh passphrase.
Is this considered an appropriate level of protection for this environment?
Having a strong passphrase on your private ssh key is recommended. Using an ssh-agent to hold your ssh key when decrypted is reasonable. Keeping an ssh session open via screen or tmux is acceptable. I would expect these three things to be in common use by a number of Toolforge / Cloud VPS users and administrators.
The only thing that is semi-unique about the setup you describe is the use of biometric auth for unlocking your laptop. I don't see that that makes your key handling practices inherently weaker (or stronger) than having a passphrase for unlocking.
Bryan
Biometry in general may be acceptable, but fingerprints should be considered weak protection, because you share that key with your environment all day, every day. Getting someone's fingerprint is *really* easy. If your phone gets stolen, chances are, the fingerprint needed to unlock it is right on there already.
And faking fingerprints is really easy, too.
https://www.theguardian.com/technology/2013/sep/22/apple-iphone-fingerprint-...
Am 30.09.2017 um 20:21 schrieb Bryan Davis:
On Sat, Sep 30, 2017 at 9:28 AM, Roy Smith roy@panix.com wrote:
What’s the current best practice for auth on ToolForge?
I have a passphrase on my public ssh key. I’ll be accessing toolforge from my MacBook which is protected with Apple’s Touch ID fingerprint scanner. I’ll be nailing up a tmux session.
So, most of the time, there will be an active ssh session into wfmlabs protected only by my fingerprint touch. If the ssh session goes down (i.e. reboot or network change), it’ll be a touch plus my ssh passphrase.
Is this considered an appropriate level of protection for this environment?
Having a strong passphrase on your private ssh key is recommended. Using an ssh-agent to hold your ssh key when decrypted is reasonable. Keeping an ssh session open via screen or tmux is acceptable. I would expect these three things to be in common use by a number of Toolforge / Cloud VPS users and administrators.
The only thing that is semi-unique about the setup you describe is the use of biometric auth for unlocking your laptop. I don't see that that makes your key handling practices inherently weaker (or stronger) than having a passphrase for unlocking.
Bryan
2017-09-30 21:00 GMT+02:00 Daniel Kinzler daniel.kinzler@wikimedia.de:
Biometry in general may be acceptable, but fingerprints should be considered weak protection, because you share that key with your environment all day, every day. Getting someone's fingerprint is *really* easy. If your phone gets stolen, chances are, the fingerprint needed to unlock it is right on there already.
I agree and even worse: if your password gets stolen you can change it but you cant change your fingerprint. Fingerprints are Usernames, not Passwords!¹
In additional to using good passwords² I would advise to change the ssh-keys once in a while and thereby upgrade to modern key-options. At the moment ed25519 – if already supported by the sites you use – and using PBKDF as key-derivation-function! See [3] for a howto.
[1]: http://blog.dustinkirkland.com/2013/10/fingerprints-are-user-names-not.html [2]: https://xkcd.com/936/ [3]: https://blog.g3rt.nl/upgrade-your-ssh-keys.html
Regards, M
On Sep 30, 2017, at 3:49 PM, Michael Schönitzer michael.schoenitzer@wikimedia.de wrote:
I agree and even worse: if your password gets stolen you can change it but you cant change your fingerprint.
Actually, that’s not true. The problem is, I can only change it 9 times :-)
Am 30.09.2017 um 23:09 schrieb Roy Smith:
On Sep 30, 2017, at 3:49 PM, Michael Schönitzer <michael.schoenitzer@wikimedia.de mailto:michael.schoenitzer@wikimedia.de> wrote:
I agree and even worse: if your password gets stolen you can change it but you cant change your fingerprint.
Actually, that’s not true. The problem is, I can only change it 9 times :-)
plus toes...