Judson Lester <jlester@tulane.edu> writes:
ssh-agent really handles this nicely. When I login to an X session on my
laptop, the session is actually started by ssh-agent. I then do
ssh-add to type my passphrase once and then it's added to the current agent
session. I can then login without typing a passphrase. (Keep that X desktop
locked!) With agent forwarding in sshd_config in my remotes, I can hop from
station to station within the remote lan without having my key reside on the
remote boxes.
> On Sunday, July 20, 2003, at 09:14 PM, Mark A. Hershberger wrote:
>
>> "Brian D. Mayeur" <bmayeur@bmay.net> writes:
>>
>>> In order to login without a password, you just copy your
>>> identity.pub key into the authorized_keys file on the remote system.
>>> I have been against FTP ever since I noticed my password in the
>>> status bar during downloads.
>>
>> But, again, note that having an unprotected keypair is just slightly
>> better than cleartext passwords.
>>
>> If your key falls into the wrong hands, you've given that person
>> passwordless access to your accounts.
>
> While I agree that not having a passphrase on your keypair is nowhere
> near as good as having one, I think a passphrase-less keypair is much
> superior to cleartext passwords. On the other hand, ssh password
> authentication does *not* occur in the clear, so it's a definite leg
> up over services like ftp or http auth where passwords do pass in the
> clear.
>
> Ultimately, empty-password keypairs are like a physical key. If you
> lose it, someone else can open your front door (with the extra
> downside that you probably won't know you lost it.) On the other
> hand, cleartext passwords are like shouting your PIN down a darkened
> hallway. At least there's a reasonable (if not paranoid) assumption of
> security for keypairs.
>
>
> ___________________
> Nolug mailing list
> nolug@nolug.org
--
Scott Harney <scotth@scottharney.com>
"...and one script to rule them all."
gpg key fingerprint=7125 0BD3 8EC4 08D7 321D CEE9 F024 7DA6 0BC7 94E5
___________________
Nolug mailing list
nolug@nolug.org

Received on 07/21/03
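An added example, not part of the original thread: a defender-side audit that reports whether a private key file is stored without a passphrase, the case the quoted messages warn about. It reads the PEM and `openssh-key-v1` key file formats, which goes beyond the `identity` key file named in the thread; the function names and the sample keys (dummy bytes, constructed here) are assumptions for illustration.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"  # header of OpenSSH's own private key container

def _read_string(buf, off):
    """Read one SSH wire string (uint32 length + bytes); return (value, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key container")
    return buf[off + 4:off + 4 + n], off + 4 + n

def key_protection(text):
    """Classify a private key file's text as 'unprotected', 'encrypted' or 'unknown'."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        return "unknown"
    if "OPENSSH PRIVATE KEY" in lines[0]:
        try:
            blob = base64.b64decode("".join(lines[1:-1]))
            if not blob.startswith(MAGIC):
                return "unknown"
            cipher, off = _read_string(blob, len(MAGIC))  # ciphername field
            kdf, _ = _read_string(blob, off)              # kdfname field
        except (ValueError, struct.error):
            return "unknown"
        return "unprotected" if (cipher, kdf) == (b"none", b"none") else "encrypted"
    if lines[0].endswith("PRIVATE KEY-----"):  # legacy PEM or PKCS#8
        encrypted = "ENCRYPTED" in lines[0] or any(ln.startswith("Proc-Type: 4,ENCRYPTED") for ln in lines)
        return "encrypted" if encrypted else "unprotected"
    return "unknown"

def _sample_openssh(cipher, kdf):
    """Constructed container: real header layout, dummy zero bytes as key material."""
    body = MAGIC
    for field in (cipher, kdf, b""):  # ciphername, kdfname, kdfoptions
        body += struct.pack(">I", len(field)) + field
    body += struct.pack(">I", 1) + b"\0" * 16  # key count, then dummy payload
    b64 = base64.b64encode(body).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

SAMPLES = {  # all constructed for this example
    "no_passphrase": _sample_openssh(b"none", b"none"),
    "with_passphrase": _sample_openssh(b"aes256-ctr", b"bcrypt"),
    "legacy_pem": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n\nAAAA\n-----END RSA PRIVATE KEY-----\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, key_protection(text))
```

Any other input, including a file that is not a key at all, is reported as `unknown` rather than guessed.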
This archive was generated by hypermail 2.2.0 : 12/19/08 EST