Clint Dilks wrote: > 1. Currently all of the key pairs we are using have empty passphrases is > it worth the effort of changing this and setting up ssh-agent compared > to what you gain in security by doing this ? Certainly, adding passphrases nudges the security up a step, as otherwise a compromised account means the offender can log onto any other system - or in the case of compromised root, can log in anywhere as anyone.. It comes down to, like all security measures, a balancing act between security and ease-of-use.. You need to take into consideration what data is around the systems, and what the worst case scenario would be.. -- Cheers, Morten