On Wed, Apr 16, 2008 at 8:15 PM, Brian Mathis brian.mathis@gmail.com wrote:
On Tue, Apr 15, 2008 at 8:12 AM, Peter Kjellstrom cap@nsc.liu.se wrote:
On Tuesday 15 April 2008, Clint Dilks wrote:
- Currently all of the key pairs we are using have empty passphrases. Is it worth the effort of changing this and setting up ssh-agent compared to what you gain in security by doing this?
To get a clear idea of what keys with no passphrases are like, consider the idea that users put their regular password in /home/$USER/my_passwd.txt.
/Peter
This is a HUGE step backwards in security! Now when your system is compromised, the attacker will be able to get into ALL of the systems that user has used that password on. Face it, users often use the same password everywhere. This is really a bad, bad idea.
OK, I misread this part ;) Sorry.