[CentOS] SSH Question relating to Public and Private Keys
Brian Mathis
brian.mathis at gmail.com
Thu Apr 17 00:16:46 UTC 2008
On Wed, Apr 16, 2008 at 8:15 PM, Brian Mathis <brian.mathis at gmail.com> wrote:
>
> On Tue, Apr 15, 2008 at 8:12 AM, Peter Kjellstrom <cap at nsc.liu.se> wrote:
> > On Tuesday 15 April 2008, Clint Dilks wrote:
> > > 1. Currently all of the key pairs we are using have empty passphrases is
> > > it worth the effort of changing this and setting up ssh-agent compared
> > > to what you gain in security by doing this ?
> >
> > To get a clear idea of what keys with no passphrases are like consider the
> > idea that users put their regular password in /home/$USER/my_passwd.txt
> >
> > /Peter
> >
>
> This is a HUGE step backwards in security! Now when your system in
> compromised, the attacker will be able to get into ALL of the systems
> that user has used that password on. Face it, users often use the
> same password everywhere. This is really a bad, bad idea.
OK, I misread this part ;) Sorry.
More information about the CentOS
mailing list