[CentOS] SSH Question relating to Public and Private Keys
Peter Kjellstrom
cap at nsc.liu.se
Tue Apr 15 12:12:20 UTC 2008
On Tuesday 15 April 2008, Clint Dilks wrote:
> 1. Currently all of the key pairs we are using have empty passphrases is
> it worth the effort of changing this and setting up ssh-agent compared
> to what you gain in security by doing this ?
To get a clear idea of what keys with no passphrases are like consider the
idea that users put their regular password in /home/$USER/my_passwd.txt
We try our very best to stop any use of key-pairs without passphrase. All
modern distros have ssh-agents. Using it is trivial, not using it is lazy.
For extra security use "ssh-add -c" and you'll know when your agent is
actually signing stuff.
/Peter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.centos.org/pipermail/centos/attachments/20080415/318d1068/attachment.sig>
More information about the CentOS
mailing list