On Tuesday 15 April 2008, Clint Dilks wrote: > 1. Currently all of the key pairs we are using have empty passphrases is > it worth the effort of changing this and setting up ssh-agent compared > to what you gain in security by doing this ? To get a clear idea of what keys with no passphrases are like consider the idea that users put their regular password in /home/$USER/my_passwd.txt We try our very best to stop any use of key-pairs without passphrase. All modern distros have ssh-agents. Using it is trivial, not using it is lazy. For extra security use "ssh-add -c" and you'll know when your agent is actually signing stuff. /Peter -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part. URL: <http://lists.centos.org/pipermail/centos/attachments/20080415/318d1068/attachment-0005.sig>