Comments
@Adam: thanks, will take a look at EncFS, but they seem to work with Linux only though, guess I'll have to check out the other ones instead.
My ssh keys are backed up via at least three different services...Tarsnap being my favorite.
I hate USB drives because I often lose them and like anything, they are not 100% reliable, which means I have to back them up, which means having multiple copies, blah blah.
I store my keys GPG-encrypted on most places I'm likely to use them, plus on Dropbox. Every box I might use them on has a cron job that deletes the unencrypted keys every 5 minutes (literally an rm -f /home/me/.ssh/filename), so even if I forget, they won't sit anywhere long.
And of course, they are passphrase'd as well, so that is a last line of defense.
SSH key is "something you have and something you know". SSH without a key is just "something you know," which would be OK except it's actually "something you type". Typing is always vulnerable to key logging. If you are using SSH key authentication only (and disallow password authentication), then someone would have to not only keylog your passphrase but steal the keyfile...though of course, if they can install a keylogger...
Really, one-time passwords are the best we have today. Something like S/KEY or Google Auth (or SecurID - wish there was something like that which was universal and free. YubiKey is not quite.)