[CentOS] SSH Question relating to Public and Private Keys

Tue Apr 15 12:12:20 UTC 2008
Peter Kjellstrom <cap at nsc.liu.se>

On Tuesday 15 April 2008, Clint Dilks wrote:
> 1. Currently all of the key pairs we are using have empty passphrases is
> it worth the effort of changing this and setting up ssh-agent compared
> to what you gain in security by doing this ?

To get a clear idea of what keys with no passphrases are like consider the 
idea that users put their regular password in /home/$USER/my_passwd.txt

We try our very best to stop any use of key-pairs without passphrase. All 
modern distros have ssh-agents. Using it is trivial, not using it is lazy. 
For extra security use "ssh-add -c" and you'll know when your agent is 
actually signing stuff.

/Peter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.centos.org/pipermail/centos/attachments/20080415/318d1068/attachment-0005.sig>