Bloc: Safe to Store SSH Passphrase in Pharo?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
12 messages Options
Reply | Threaded
Open this post in threaded view
|

Bloc: Safe to Store SSH Passphrase in Pharo?

Sean P. DeNigris
Administrator
https://github.com/pharo-vcs/iceberg/blob/master/README.md suggests to
configure Iceberg with the "Use Custom SSH Keys" setting, part of which
seems to include pasting one's SSH Key Passphrase into Pharo's settings. Is
that a good idea (i.e. is that safe)?



-----
Cheers,
Sean
--
Sent from: http://forum.world.st/Pharo-Smalltalk-Developers-f1294837.html

Cheers,
Sean
Reply | Threaded
Open this post in threaded view
|

Re: Bloc: Safe to Store SSH Passphrase in Pharo?

NorbertHartl


> Am 31.08.2017 um 03:32 schrieb Sean P. DeNigris <[hidden email]>:
>
> https://github.com/pharo-vcs/iceberg/blob/master/README.md suggests to
> configure Iceberg with the "Use Custom SSH Keys" setting, part of which
> seems to include pasting one's SSH Key Passphrase into Pharo's settings. Is
> that a good idea (i.e. is that safe)?
>
>
Not at all! And that's why I nagged Esteban so much until ssh agent work properly. It is a really bad idea to put passwords in the image but I can see that there is a lack of decent support for this and be able to use the password can be considered last resort.

Norbert
>
> -----
> Cheers,
> Sean
> --
> Sent from: http://forum.world.st/Pharo-Smalltalk-Developers-f1294837.html

Reply | Threaded
Open this post in threaded view
|

Re: Bloc: Safe to Store SSH Passphrase in Pharo?

Peter Uhnák

On Thu, Aug 31, 2017 at 8:45 AM, Norbert Hartl <[hidden email]> wrote:


> Am 31.08.2017 um 03:32 schrieb Sean P. DeNigris <[hidden email]>:
>
> https://github.com/pharo-vcs/iceberg/blob/master/README.md suggests to
> configure Iceberg with the "Use Custom SSH Keys" setting, part of which
> seems to include pasting one's SSH Key Passphrase into Pharo's settings. Is
> that a good idea (i.e. is that safe)?
>
>
Not at all!

Just about as safe as storing credentials for SmalltalkHub. (and to be fair, STHub is even worse in that the connection is not encrypted. Imagine someone observing traffic on PharoDays/ESUG conf.)

If you are not giving your work image to anyone else, I don't see what difference it would make. And if you are worrying about malicious code extracting it from your settings... I would be more worried about full access to your system...

Peter
Reply | Threaded
Open this post in threaded view
|

Re: Bloc: Safe to Store SSH Passphrase in Pharo?

NorbertHartl

Am 31.08.2017 um 09:30 schrieb Peter Uhnák <[hidden email]>:


On Thu, Aug 31, 2017 at 8:45 AM, Norbert Hartl <[hidden email]> wrote:


> Am 31.08.2017 um 03:32 schrieb Sean P. DeNigris <[hidden email]>:
>
> https://github.com/pharo-vcs/iceberg/blob/master/README.md suggests to
> configure Iceberg with the "Use Custom SSH Keys" setting, part of which
> seems to include pasting one's SSH Key Passphrase into Pharo's settings. Is
> that a good idea (i.e. is that safe)?
>
>
Not at all!

Just about as safe as storing credentials for SmalltalkHub. (and to be fair, STHub is even worse in that the connection is not encrypted. Imagine someone observing traffic on PharoDays/ESUG conf.)

I didn't say something different. But having one bad solution makes another bad solution not better. Both are no-gos!

If you are not giving your work image to anyone else, I don't see what difference it would make. And if you are worrying about malicious code extracting it from your settings... I would be more worried about full access to your system…

So you do not put passphrases on your ssh keys? Because you don't give the private key away why protect it? So imagine you have development process that includes a jenkins that needs to build the source and therefor needs access to the repository. What do you do?

And it is not only for access to git repos and such. If we want to develop decent systems we need a way to store credentials safe and external to the image.

Norbert




Reply | Threaded
Open this post in threaded view
|

Re: Bloc: Safe to Store SSH Passphrase in Pharo?

Denis Kudriashov
In reply to this post by Sean P. DeNigris
But ssh agent not working for you?

I work with Iceberg without extra configuration in image. No problems for me. But I am on Mac. 
So image now only keeps github password for pull requests.

(Only problem with latest Mac update is that I am now manually add ssh keys after any reboot: ssh-add -A).  

2017-08-31 3:32 GMT+02:00 Sean P. DeNigris <[hidden email]>:
https://github.com/pharo-vcs/iceberg/blob/master/README.md suggests to
configure Iceberg with the "Use Custom SSH Keys" setting, part of which
seems to include pasting one's SSH Key Passphrase into Pharo's settings. Is
that a good idea (i.e. is that safe)?



-----
Cheers,
Sean
--
Sent from: http://forum.world.st/Pharo-Smalltalk-Developers-f1294837.html


Reply | Threaded
Open this post in threaded view
|

Re: Bloc: Safe to Store SSH Passphrase in Pharo?

EstebanLM
you are all confused :)

Sean talks about storing the passphrase for SSH, not the HTTPS user/pass. 
Nevertheless both, passphrase and user/pass needs to be stored on Pharo and then they are not safe. 

Now, how can we reliable store passwords in Pharo? 
This is a good thing we need to solve before blame Iceberg :P

So far, we can do just two things to avoid this problem: 

- do not store the passwords on Pharo, which means we need to introduce them each time we use it (not very confortable… and btw this can be not working on ssh mode, I didn’t test).
- use ssh keys without password protection. I have to be honest: since I never used password protection of ssh keys in my life, I never seen this problem until Norbert pointed it to me :P

I will be glad to have a general solution for password storing in Pharo. 
But that would be like creating a keychain, isn’t? 
Also, the openness of our system makes the problem even harder… :S

cheers, 
Esteban

On 31 Aug 2017, at 10:29, Denis Kudriashov <[hidden email]> wrote:

But ssh agent not working for you?

I work with Iceberg without extra configuration in image. No problems for me. But I am on Mac. 
So image now only keeps github password for pull requests.

(Only problem with latest Mac update is that I am now manually add ssh keys after any reboot: ssh-add -A).  

2017-08-31 3:32 GMT+02:00 Sean P. DeNigris <[hidden email]>:
https://github.com/pharo-vcs/iceberg/blob/master/README.md suggests to
configure Iceberg with the "Use Custom SSH Keys" setting, part of which
seems to include pasting one's SSH Key Passphrase into Pharo's settings. Is
that a good idea (i.e. is that safe)?



-----
Cheers,
Sean
--
Sent from: http://forum.world.st/Pharo-Smalltalk-Developers-f1294837.html



Reply | Threaded
Open this post in threaded view
|

Re: Bloc: Safe to Store SSH Passphrase in Pharo?

Peter Uhnák
In reply to this post by NorbertHartl
So you do not put passphrases on your ssh keys?

Not always.
 
Because you don't give the private key away why protect it? So imagine you have development process that includes a jenkins that needs to build the source and therefor needs access to the repository. What do you do?

I give it a password-less ssh key, encrypted in some manner. (I do not know what Jenkins offers, but both Travis and GitLab(Runner) support file/data encryption.)
Adding the build server a password on top of the key would make no difference. If you have access to one, you have the access to the other.

Peter

Reply | Threaded
Open this post in threaded view
|

Re: Bloc: Safe to Store SSH Passphrase in Pharo?

Tim Mackinnon
To further her add to what Peter is saying - in GitLab you can add secret variables (which are encrypted) and can be referenced only during the build process.

So you can call your image with the value of one of these variables. Which is fine if you don't persist the value.

I'm wondering if we have a concept of "transient" variables that don't persist on image save? Then iceberg could use one of those, and expect you to pass that value through on the command line of Pharo?  I was toying with the idea of having an encrypted vault in my image (to hold multiple values for convenience) and I would then pass an unlock value on the command line - but I would need some way to ensure that value isn't persisted? Is this where a plugin might help? Something to save a value transiently only during image execution?

Tim

Sent from my iPhone

On 31 Aug 2017, at 12:52, Peter Uhnák <[hidden email]> wrote:

So you do not put passphrases on your ssh keys?

Not always.
 
Because you don't give the private key away why protect it? So imagine you have development process that includes a jenkins that needs to build the source and therefor needs access to the repository. What do you do?

I give it a password-less ssh key, encrypted in some manner. (I do not know what Jenkins offers, but both Travis and GitLab(Runner) support file/data encryption.)
Adding the build server a password on top of the key would make no difference. If you have access to one, you have the access to the other.

Peter

Reply | Threaded
Open this post in threaded view
|

Re: Bloc: Safe to Store SSH Passphrase in Pharo?

NorbertHartl
In reply to this post by Peter Uhnák

Am 31.08.2017 um 12:52 schrieb Peter Uhnák <[hidden email]>:

So you do not put passphrases on your ssh keys?

Not always.
 
Because you don't give the private key away why protect it? So imagine you have development process that includes a jenkins that needs to build the source and therefor needs access to the repository. What do you do?

I give it a password-less ssh key, encrypted in some manner. (I do not know what Jenkins offers, but both Travis and GitLab(Runner) support file/data encryption.)
Adding the build server a password on top of the key would make no difference. If you have access to one, you have the access to the other.

So deal with it outside of the image. It is the same situation as a sandbox and key chain access. Exactly what I was meaning.

Norbert


Reply | Threaded
Open this post in threaded view
|

Re: Bloc: Safe to Store SSH Passphrase in Pharo?

Sean P. DeNigris
Administrator
In reply to this post by Peter Uhnák
Peter Uhnák wrote
> Just about as safe as storing credentials for SmalltalkHub. (and to be
> fair, STHub is even worse in that the connection is not encrypted. Imagine
> someone observing traffic on PharoDays/ESUG conf.)





-----
Cheers,
Sean
--
Sent from: http://forum.world.st/Pharo-Smalltalk-Developers-f1294837.html

Cheers,
Sean
Reply | Threaded
Open this post in threaded view
|

Re: Bloc: Safe to Store SSH Passphrase in Pharo?

Sean P. DeNigris
Administrator
In reply to this post by Peter Uhnák
Oops, misfire. Let me try that again…


Peter Uhnák wrote
> Just about as safe as storing credentials for SmalltalkHub. (and to be
> fair, STHub is even worse in that the connection is not encrypted. Imagine
> someone observing traffic on PharoDays/ESUG conf.)

That is exactly why I originally moved all my projects to GitHub and have
tried to fork as many of the outside projects I use there as well (of course
the fork part is practically impossible to keep up).



-----
Cheers,
Sean
--
Sent from: http://forum.world.st/Pharo-Smalltalk-Developers-f1294837.html

Cheers,
Sean
Reply | Threaded
Open this post in threaded view
|

Re: Bloc: Safe to Store SSH Passphrase in Pharo?

Stephane Ducasse-3
In reply to this post by EstebanLM
On Thu, Aug 31, 2017 at 11:23 AM, Esteban Lorenzano <[hidden email]> wrote:

> you are all confused :)
>
> Sean talks about storing the passphrase for SSH, not the HTTPS user/pass.
> Nevertheless both, passphrase and user/pass needs to be stored on Pharo and
> then they are not safe.
>
> Now, how can we reliable store passwords in Pharo?
> This is a good thing we need to solve before blame Iceberg :P
>
> So far, we can do just two things to avoid this problem:
>
> - do not store the passwords on Pharo, which means we need to introduce them
> each time we use it (not very confortable… and btw this can be not working
> on ssh mode, I didn’t test).

can we store them in the starting preferences?


> - use ssh keys without password protection. I have to be honest: since I
> never used password protection of ssh keys in my life, I never seen this
> problem until Norbert pointed it to me :P
>
> I will be glad to have a general solution for password storing in Pharo.
> But that would be like creating a keychain, isn’t?
> Also, the openness of our system makes the problem even harder… :S
>
> cheers,
> Esteban
>
> On 31 Aug 2017, at 10:29, Denis Kudriashov <[hidden email]> wrote:
>
> But ssh agent not working for you?
>
> I work with Iceberg without extra configuration in image. No problems for
> me. But I am on Mac.
> So image now only keeps github password for pull requests.
>
> (Only problem with latest Mac update is that I am now manually add ssh keys
> after any reboot: ssh-add -A).
>
> 2017-08-31 3:32 GMT+02:00 Sean P. DeNigris <[hidden email]>:
>>
>> https://github.com/pharo-vcs/iceberg/blob/master/README.md suggests to
>> configure Iceberg with the "Use Custom SSH Keys" setting, part of which
>> seems to include pasting one's SSH Key Passphrase into Pharo's settings.
>> Is
>> that a good idea (i.e. is that safe)?
>>
>>
>>
>> -----
>> Cheers,
>> Sean
>> --
>> Sent from: http://forum.world.st/Pharo-Smalltalk-Developers-f1294837.html
>>
>
>