1. cbeavz's Avatar
    Hey guys,
    So I've set up an SSH connection between my Blackberry Curve 8520 and my MacBook, but I'm worried it's not secure. I want to generate a key and set up RSA security and all of that, but honestly I just don't know much about such things. Has anyone played with BBSSH enough to give me a tutorial?
    As always, your help is greatly appreciated.
    04-30-10 06:26 PM
  2. jeff.parent's Avatar
    Sorry no help about BBSSH but just so you know, ssh uses SSL encryption. The only thing a key does it remove the password entry. Unless you disable password log in on your MacBooks ssh server, there's no real need for the key.

    Posted from my CrackBerry at wapforums.crackberry.com
    04-30-10 07:18 PM
  3. Marc_Paradise's Avatar
    BBSSH author/maintainer here

    The biggest reason to use a key is to ensure that nobody except you can log into your computer. If you use username/password based, it's theoretically possible for somebody to keep trying to guess at username/password combinations to log into your machine remotely. If you use a key, you can disable that method of login.

    However, jeff.parent is otherwise correct - the data being transferred back and forth is secure with our without a key.

    That being said:

    BBSSH currently supports importing a key from an HTTP location -- expanded support will include many more options in 1.1.9 or 1.1.10, including generating a key on BBSSH itself. The key is expected to be in the format generated by the app "ssh-keygen", which you will most likely find installed on your MacBook already.
    05-06-10 12:45 PM
  4. BaconCanadian's Avatar
    What if somebody takes hold of said key?
    05-06-10 12:53 PM
  5. F0nage's Avatar
    Sorry no help about BBSSH but just so you know, ssh uses SSL encryption. The only thing a key does it remove the password entry. Unless you disable password log in on your MacBooks ssh server, there's no real need for the key.

    Posted from my CrackBerry at wapforums.crackberry.com
    SSH does not use SSL. That's a totally separate setup.
    05-06-10 01:02 PM
  6. F0nage's Avatar
    What if somebody takes hold of said key?
    That's hard to do, but if they do, then they can log on to your system if you use keyed authentication instead of password authentication.

    It's so rare, that everybody considers keyed authentication the way to go in a secure setup. After all, it's a lot harder to steal 1024 or 2048 or whatever amount of bits than it is to do a dictionary attack on a short password. Cracking a reasonable key is zillions and zillions and zillions times harder than attacking a password.
    Last edited by F0nage; 05-09-10 at 08:09 AM.
    05-06-10 01:03 PM
  7. jeff.parent's Avatar
    SSH does not use SSL. That's a totally separate setup.
    What? Sorry I must not understand the joke.
    05-08-10 12:52 PM
  8. Marc_Paradise's Avatar
    BaconCanadian - - As far as someone taking the key: you can password protect the key itself (and probably should); but generally the only way for them to get the key is to copy the file from where you're keeping it (usually your PC).

    jeff.parent -- re: SSH/SSL - F0nage was just clarifying that they're two separate technologies While they're similar in that they both deal with a method of encrypting data over the Internet (or any network) they're actually two different things.

    Here's a good link that explains the difference at a high level:
    netforbeginners.about.com/od/technoglossary/f/whatis_SSL.htm
    05-09-10 12:13 AM
LINK TO POST COPIED TO CLIPBOARD