NFS4 and remote access

Ian Grant Ian.Grant at cl.cam.ac.uk
Thu Apr 19 03:57:10 EDT 2007


On 18 Apr 2007, at 22:11, david m. richter wrote:
> perhaps i'm completely misunderstanding, but you have people
> generate private keys remotely -- like at the cybercafe mentioned
> above? put another way, where are your users' private keys
> located? storing private keys on untrusted computers doesn't work ...

Hi David,

This is now well and truly off topic. SSH key access works like this:  
the private key is remote (i.e. on the client) and the server only  
has access to the public key. The private keys are expendable because  
they are only for the purposes of access from the place they are  
stored. So, yes, the private key is vulnerable, but is only useful  
from the host on which it was generated and only for the duration of  
the legitimate person's use of that host.

In the case of a suspect host (like a cyber-cafe) we would expect  
people to only use one-time passwords, not public key access.

I was only asking what other people do; I did not expect the
third-degree on our remote access policy! But I suppose that's
inevitable in a discussion about security.

Ian

