On Tue, Apr 15, 2008 at 7:56 AM, Clint Dilks clintd@scms.waikato.ac.nz wrote:
- Currently all of the key pairs we are using have empty passphrases. Is it worth the effort of changing this and setting up ssh-agent compared to what you gain in security by doing this?
Sure. In the first case someone would only need the key to get into a machine; in the second case you need a key and a passphrase.
Of course, that's stating the obvious, but it clearly adds a layer of security. So, do you want to trade security for comfort? I wouldn't, but that's your choice to make.
- At this stage I am going to use RSA keys of the default size. Is this generally the best approach?
While asymmetric cryptography is slow, the RSA keys are used to exchange keys for (fast) symmetric cryptography. So, it's usually a good idea to create large keys. Fortunately, the default in OpenSSH is 2048, which seems to be a fair key size.
-- Daniel
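Added example, not part of the original thread: a small audit that reports which private key files have no passphrase, the situation the first question describes. It reads only the file header, covering the legacy PEM format and, going beyond the thread, OpenSSH's newer `openssh-key-v1` container; the function names are hypothetical and the sample key bodies are constructed placeholders.

```python
import base64
import re
import struct
OPENSSH_MAGIC = b"openssh-key-v1\x00"
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----\r?\n(.*?)-----END \1-----", re.S)

def passphrase_status(pem_text):
    """Classify one private key file: 'encrypted', 'unencrypted' or 'unknown'."""
    m = PEM_RE.search(pem_text)
    if not m:
        return "unknown"                      # e.g. a public key or garbage
    label, body = m.group(1), m.group(2)
    if label == "ENCRYPTED PRIVATE KEY":      # PKCS#8 encrypted container
        return "encrypted"
    if label == "OPENSSH PRIVATE KEY":        # OpenSSH's own container format
        try:
            blob = base64.b64decode("".join(body.split()))
        except ValueError:
            return "unknown"
        off = len(OPENSSH_MAGIC)
        if not blob.startswith(OPENSSH_MAGIC) or len(blob) < off + 4:
            return "unknown"
        (n,) = struct.unpack(">I", blob[off:off + 4])
        cipher = blob[off + 4:off + 4 + n]    # first field after the magic: cipher name
        if len(cipher) != n:
            return "unknown"                  # truncated file
        return "unencrypted" if cipher == b"none" else "encrypted"
    # Legacy PEM (RSA/DSA/EC): an encrypted key carries a Proc-Type header.
    return "encrypted" if "Proc-Type: 4,ENCRYPTED" in body else "unencrypted"

def find_unprotected(files):                  # files: {name: file contents}
    return sorted(n for n, t in files.items() if passphrase_status(t) == "unencrypted")

def openssh_sample(cipher):
    """Constructed header-only blob (magic, cipher, kdf); not a usable key."""
    field = lambda b: struct.pack(">I", len(b)) + b
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    b64 = base64.b64encode(OPENSSH_MAGIC + field(cipher) + field(kdf)).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed sample files; the base64 bodies are placeholders, not key material.
SAMPLES = {
    "legacy_plain": "-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n",
    "legacy_enc": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: "
                  "AES-128-CBC,00000000000000000000000000000000\n\nQ09O\n-----END RSA PRIVATE KEY-----\n",
    "new_plain": openssh_sample(b"none"), "new_enc": openssh_sample(b"aes256-ctr"),
}
print(find_unprotected(SAMPLES))
```

A key flagged here can be given a passphrase in place with `ssh-keygen -p -f <keyfile>`, after which ssh-agent holds the unlocked key for the session.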