[CentOS] SSH Question relating to Public and Private Keys
Morten Nilsen
morten at runsafe.no
Tue Apr 15 06:06:42 UTC 2008
Clint Dilks wrote:
> 1. Currently all of the key pairs we are using have empty passphrases is
> it worth the effort of changing this and setting up ssh-agent compared
> to what you gain in security by doing this ?
Certainly, adding passphrases nudges the security up a step, as
otherwise a compromised account means the offender can log onto any
other system - or in the case of compromised root, can log in anywhere
as anyone..
It comes down to, like all security measures, a balancing act between
security and ease-of-use.. You need to take into consideration what data
is around the systems, and what the worst case scenario would be..
--
Cheers,
Morten
More information about the CentOS
mailing list