[CentOS] SSH Question relating to Public and Private Keys

Tue Apr 15 06:06:42 UTC 2008
Morten Nilsen <morten at runsafe.no>

Clint Dilks wrote:
> 1. Currently all of the key pairs we are using have empty passphrases is 
> it worth the effort of changing this and setting up ssh-agent compared 
> to what you gain in security by doing this ?

Certainly, adding passphrases nudges the security up a step, as 
otherwise a compromised account means the offender can log onto any 
other system - or in the case of compromised root, can log in anywhere 
as anyone..

It comes down to, like all security measures, a balancing act between 
security and ease-of-use.. You need to take into consideration what data 
is around the systems, and what the worst case scenario would be..

-- 
Cheers,
Morten