Re: Passing password in ssh

On Tue, 2008-01-22 at 11:38 -0800, Aldo Foot wrote:

On Jan 22, 2008 8:34 AM, Gijs <info@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Or you can do it the "easy" way. Use public keys without a
password on it.
You won't have to type in any password, so you won't get the
anymore, and it's relatively secure.

I agree. Passwordless SSH keys are _very_ insecure in my opinion.
Just pray that the account owning they keys is not compromised...
because then
the floodgates are opened.
Of course this is a non-issue if your systems are in some private net
no exposed
to outside traffic.
I'm confused by this comment.

If you use ssh keys, does it matter whose accounts is compromised? Once
the account is compromised, couldn't they just load a keylogger?

And then, ssh keys still have passwords unless the creator of the keys
decides to omit a password.

Am I missing something here?


fedora-list mailing list
To unsubscribe: