Re: ssh

On Wed, Feb 28, 2007 at 10:43:23AM -0800, Andrew Sackville-West wrote:
On Wed, Feb 28, 2007 at 05:35:42PM +0100, Sven Arvidsson wrote:

Another great package is libpam-ssh, unlocking your ssh keys at login
time, meaning you will only need to type a password once.

because I'm too lazy to research it, why is this any better than a
passwordless key? If someone is using your login then your ssh keys
are unlocked.

I think because this defends against outside attack. If you let someone
use your login (even if your keys have a passphrase) and you have them
loaded into ssh-agent, then you have the same problem.

Regards,

-Roberto

--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com

Attachment: signature.asc
Description: Digital signature

Relevant Pages

  • Re: sftp question
    ... Regardless, I would be surprised if what you ... had didn't support SSH keys, which are a better way to go then passwords ... login, and I use it everyday to login to most of my machines:) Some ... > launched with a Cshell script and have the password/passphrase entered ...
    (SSH)
  • Re: ssh
    ... unlocking your ssh keys at login ... The premises of ssh-agent is ...
    (Debian-User)
  • Re: HowTo change password on multiple machines (fast)
    ... to automate process of changing passwords without "expect" program. ... If you can login with ssh keys do you really need to change your password? ...
    (alt.os.linux)
  • Re: ssh
    ... unlocking your ssh keys at login ... meaning you will only need to type a password once. ...
    (Debian-User)