On Wed, Apr 16, 2008 at 8:15 PM, Brian Mathis <brian.mathis at gmail.com> wrote: > > On Tue, Apr 15, 2008 at 8:12 AM, Peter Kjellstrom <cap at nsc.liu.se> wrote: > > On Tuesday 15 April 2008, Clint Dilks wrote: > > > 1. Currently all of the key pairs we are using have empty passphrases is > > > it worth the effort of changing this and setting up ssh-agent compared > > > to what you gain in security by doing this ? > > > > To get a clear idea of what keys with no passphrases are like consider the > > idea that users put their regular password in /home/$USER/my_passwd.txt > > > > /Peter > > > > This is a HUGE step backwards in security! Now when your system in > compromised, the attacker will be able to get into ALL of the systems > that user has used that password on. Face it, users often use the > same password everywhere. This is really a bad, bad idea. OK, I misread this part ;) Sorry.