[CentOS] SSH Question relating to Public and Private Keys

Daniel de Kok me at danieldk.org
Tue Apr 15 08:23:15 UTC 2008


On Tue, Apr 15, 2008 at 7:56 AM, Clint Dilks <clintd at scms.waikato.ac.nz> wrote:
>  1. Currently all of the key pairs we are using have empty passphrases. Is it
> worth the effort of changing this and setting up ssh-agent compared to what
> you gain in security by doing this?

Sure. In the first case someone would only need the key to get into a
machine; in the second case you need a key and a passphrase.

Of course, that's stating the obvious, but it clearly adds a layer of
security. So, do you want to trade security for comfort? I wouldn't,
but that's your choice to make.

>  2. At this stage I am going to use RSA keys of the default size. Is this
> generally the best approach?

While asymmetric cryptography is slow, the RSA keys are used to
exchange keys for (fast) symmetric cryptography. So, it's usually a
good idea to create large keys. Fortunately, the default in OpenSSH is
2048, which seems to be a fair key size.

-- Daniel
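
An added example, not part of the original message: a small Python check that reports whether a private key file is stored without a passphrase, the situation raised in question 1. It goes beyond the thread by also reading the newer openssh-key-v1 container; the function names and the sample inputs are constructed for illustration and contain no key material.

```python
import base64
import struct
import sys

OPENSSH_MAGIC = b"openssh-key-v1\x00"

def ssh_string(buf, off):
    """Return the length-prefixed SSH string starting at offset off."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n]

def passphrase_status(text):
    """Classify private-key text as 'protected', 'unprotected' or 'unknown'."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        return "unknown"
    label = lines[0][len("-----BEGIN "):].rstrip("-").strip()
    if label == "ENCRYPTED PRIVATE KEY":      # PKCS#8, encrypted
        return "protected"
    if label == "PRIVATE KEY":                # PKCS#8, plaintext
        return "unprotected"
    if label in ("RSA PRIVATE KEY", "DSA PRIVATE KEY", "EC PRIVATE KEY"):
        # Legacy PEM announces encryption in a header line after BEGIN.
        return "protected" if "Proc-Type: 4,ENCRYPTED" in lines[1:4] else "unprotected"
    if label == "OPENSSH PRIVATE KEY":
        try:
            body = "".join(l for l in lines[1:] if not l.startswith("-----"))
            blob = base64.b64decode(body)
            if not blob.startswith(OPENSSH_MAGIC):
                return "unknown"
            cipher = ssh_string(blob, len(OPENSSH_MAGIC))  # first field: ciphername
        except (ValueError, struct.error):
            return "unknown"
        return "unprotected" if cipher == b"none" else "protected"
    return "unknown"

def sample_openssh(cipher):
    """Constructed header-only container (magic, ciphername, kdfname, kdfoptions)."""
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = OPENSSH_MAGIC + s(cipher) + s(b"none" if cipher == b"none" else b"bcrypt") + s(b"")
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(blob).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

# Constructed legacy PEM samples with placeholder bodies.
SAMPLE_PEM_PLAIN = "-----BEGIN RSA PRIVATE KEY-----\n(constructed)\n-----END RSA PRIVATE KEY-----\n"
SAMPLE_PEM_ENC = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                  "DEK-Info: AES-128-CBC,00\n\n(constructed)\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for path in sys.argv[1:]:                 # e.g. ~/.ssh/id_rsa
        with open(path, errors="replace") as fh:
            print(path, passphrase_status(fh.read()))
```

Run it with the paths of the private key files to audit; anything reported as unprotected is usable by whoever obtains a copy of the file.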


