[Gnuk-users] Useful case(s) of Gnuk Token

Yuji -UG- Imai ug at xcast.jp
Fri Dec 19 03:40:34 UTC 2014


Gniibe,

NIIBE Yutaka <gniibe at fsij.org> wrote:
>
> A good user would be uneasy when he makes copies of his private key
> file, and installs this into another computer.
>
> Gnuk Token can be considered as a portable private key holder.  In
> this use case, the user doesn't need to copy his private key file nor
> his public key file.
>
> Any comments?
>

I'll try to add another use case.

Imagine the situation of an ssh springboard server that bridges the
Internet and a closed segment only for operators.

Before the netcat command appeared, they had to store their secret keys
on springboard servers. It made them uneasy, as gniibe described.
Nowadays, the good manner for logging in from the Internet to a server on
a closed segment is to use the netcat mode of sshd.
http://en.m.wikibooks.org/wiki/OpenSSH/Cookbook/Proxies_and_Jump_Hosts#Passing_through_a_gateway_using_netcat_mode

However, some still consider it necessary to have his/her secret key on
the server. He uses it for ssh from a secure segment server to others,
such as his git server recording the history of scripts and
configurations. For such a purpose, I suggest they use the agent
forwarding of OpenSSH and putty. Using agent forwarding, they can use the
secret key on the Gnuk token instead of one on the local servers.
http://www.unixwiz.net/techtips/ssh-agent-forwarding.html#fwd

The combination of Gnuk and ssh agent forwarding makes me happy.
I can erase all secret keys from filesystems. I can use ssh authorization
on any host I log in to with my ssh and putty/teraterm. Lovely.

Yuji
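
The setup described in the message above, as an added client-side configuration sketch that is not part of the original post. Host names and the user name are constructed, and it assumes gpg-agent runs with enable-ssh-support so that SSH_AUTH_SOCK on the workstation points at the agent serving the key held on the Gnuk Token.

```sshconfig
# ~/.ssh/config on the operator's workstation (all names are constructed).
# No private key file is referenced anywhere: the agent answers signing
# requests with the key that stays on the token.

# The springboard only relays TCP, so it never needs access to the agent.
Host springboard
    HostName springboard.example.org
    User operator
    ForwardAgent no

# Server on the closed segment, reached in netcat mode: the ssh session
# runs end to end from the workstation and the springboard sees only
# ciphertext.
Host inner
    HostName inner.closed.example
    User operator
    ProxyCommand ssh -W %h:%p springboard
    # Forward the agent to this host only, so that ssh or git started on
    # "inner" can authenticate to other hosts with the token's key.
    ForwardAgent yes

# ssh uses the first value it finds for each option, so this catch-all
# must come last. It keeps the agent away from every host not listed above.
Host *
    ForwardAgent no
```

After `ssh inner`, running `ssh-add -L` on that host should list the token's public key, while no key file exists on either the springboard or the inner server.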