[CentOS] SSH Question relating to Public and Private Keys
Brian Mathis
brian.mathis at gmail.comThu Apr 17 00:16:46 UTC 2008
- Previous message: [CentOS] SSH Question relating to Public and Private Keys
- Next message: [CentOS] SSH Question relating to Public and Private Keys
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Wed, Apr 16, 2008 at 8:15 PM, Brian Mathis <brian.mathis at gmail.com> wrote: > > On Tue, Apr 15, 2008 at 8:12 AM, Peter Kjellstrom <cap at nsc.liu.se> wrote: > > On Tuesday 15 April 2008, Clint Dilks wrote: > > > 1. Currently all of the key pairs we are using have empty passphrases is > > > it worth the effort of changing this and setting up ssh-agent compared > > > to what you gain in security by doing this ? > > > > To get a clear idea of what keys with no passphrases are like consider the > > idea that users put their regular password in /home/$USER/my_passwd.txt > > > > /Peter > > > > This is a HUGE step backwards in security! Now when your system in > compromised, the attacker will be able to get into ALL of the systems > that user has used that password on. Face it, users often use the > same password everywhere. This is really a bad, bad idea. OK, I misread this part ;) Sorry.
- Previous message: [CentOS] SSH Question relating to Public and Private Keys
- Next message: [CentOS] SSH Question relating to Public and Private Keys
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list