Some of you may recall that a while ago I posted that our CS server was hacked, and now as part of the cleanup they've disabled all of our accounts until we visit the prof in charge to get them re-enabled. It turns out this was no big deal for me because I had SSH shared keys setup so that I could login passwordless, and it still lets me in from my computer even though I can't do anything that requires my password. The opposite is not true though, i can't login to my computer from the CS one without a password because I (thankfully) never bothered to set it up (doesn't work well anyway for various reasons).

Anyway, my question is this: With the public key on the CS server (in ~/.ssh/authorized_keys2), no one could gain access to my computer, right? They could take it and allow me to login without a password to one of their computers, but again not the other way around since that's the way it was setup in the first place. That makes sense to me, but I wanted to run it past some people who know more about it than me (and I'm not sure anyone at my school qualifies;)).

Also, assuming that the above is true, do I need to regenerate my keys to make sure no one could potentially get in to the server again because they got ahold of my public key? I also don't think this should be true since that would sort of defeat the purpose of the whole thing, but again I'm not sure.

TIA.

You're fine, they couldn't log into your account on the server without your private key and they can't log into your computer with your public key, so you don't have anything to worry about. But if you can get into your account, when they have supposedly disabled it, whoever compromised the server might be able to do the same if they set up their own ssh keys, so it may be sensible to tell those running the server about this, though it could cause you to lose the advantage you have of being able to log into your account.

Thanks, that answers my questions and then some. I hadn't considered the fact that the hackers may have set up shared keys as well. I'll have to try to get over there today and talk to them about it.

Well, they didn't seem too concerned. I'm not going to worry about it anymore because I already backup my stuff on the network drives and I've done all I can:rolleyes:

Err... They're not "shared keys". ;)

If they were shared keys, then someone breaking into your account would actually be a major problem -- because "shared keys" means that the encrypting key has the same value as the decrypting key.

But the major advantage of SSH's public-key authentication is that it uses, well, public-key authentication. ;) The private key is different from the public key, and you can't derive the private key if you know the public one. (If you know the private one, you can derive the public one, but not the other way around). Functions (in math) that are believed to be one-way are really cool. ;)

It sounds like you want to say they may have "compromised" your public key -- which is actually not a compromise of anything, because your public key is supposed to be distributed to others. :)

Heh, you're right, I meant the public key. I wasn't sure what the proper terminology was.:)

I think maybe I was getting confused with wireless encryption? But that's a thread for another time...;)