Mailinglist Archive: opensuse (4053 mails)

Re: [SLE] SSH & Public Keys
  • From: Steven Hatfield <ashari@xxxxxxxxxxxxxxx>
  • Date: Tue, 28 Aug 2001 15:24:18 -0400
  • Message-id: <200108281924.f7SJOIT22801@xxxxxxxxxxxxxxxxxxxxxxxx>
On Tuesday 28 August 2001 03:16 pm, Daniel Prosser wrote:
> On 28 Aug 2001 13:47:14 -0400, dog@xxxxxxxxx wrote:
> > On the client, do this:
> > ssh-keygen and enter no passphrase. This generates an identity and an
> > identity.pub in /home/username/.ssh/
> > Now copy the identity.pub to the remote machine and put it in
> > /home/username/.ssh/ but rename it to authorized_keys
> > Now try to log in via ssh and it should just go without a password prompt.
>
> This is a bad idea, IMHO. You should always use a passphrase with your
> SSH keys. You should have some form of proof of identity if you want
> to use ssh -- preferably either a passphrase or an authorized key held
> by ssh-agent. Otherwise, if, say, your account gets compromised and the
> cracker finds that your ssh key has no passphrase, he only needs to look
> at the authorized_keys file for a list of your accounts on other hosts
> he can try. Bad news.
>
> Daniel

I agree with Daniel; wasn't this how SourceForge was cracked?

IMHO, insecurity for the sake of convenience is always the worst policy.

-Steven

--
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
Steven Hatfield http://www.knightswood.net
Registered Linux User #220336 ICQ: 7314105
Useless Machine Data:
Running SuSE Linux 7.2 Professional and KDE2.2
3:23pm up 8 days, 18:27, 1 user, load average: 0.39, 0.27, 0.13
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-

Random Quote:
There is no substitute for good manners, except, perhaps, fast reflexes.
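
Added example, not part of the original thread: a way to audit an account for the passphrase-less keys discussed above by reading each private key file's header instead of trusting how it was generated. The function names and the sample data are hypothetical and constructed for illustration; the format markers are the ones used by the SSH protocol 1 `identity` file, the current OpenSSH key format, and PEM.

```python
import base64
import struct

SSH1_MAGIC = b"SSH PRIVATE KEY FILE FORMAT 1.1\n\x00"   # protocol-1 "identity" file
OPENSSH_MAGIC = b"openssh-key-v1\x00"                    # current OpenSSH format

def is_passphrase_protected(data: bytes):
    """True/False for a recognised private key file, None if unrecognised."""
    if data.startswith(SSH1_MAGIC):
        # The byte after the magic is the cipher type; 0 means no encryption.
        rest = data[len(SSH1_MAGIC):]
        return rest[0] != 0 if rest else None
    lines = [ln.strip() for ln in data.decode("ascii", "replace").splitlines() if ln.strip()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        return None
    header = lines[0]
    if header == "-----BEGIN ENCRYPTED PRIVATE KEY-----":      # encrypted PKCS#8
        return True
    if header == "-----BEGIN OPENSSH PRIVATE KEY-----":
        body = "".join(ln for ln in lines[1:] if not ln.startswith("-----"))
        try:
            blob = base64.b64decode(body, validate=True)
        except ValueError:
            return None
        if not blob.startswith(OPENSSH_MAGIC) or len(blob) < len(OPENSSH_MAGIC) + 4:
            return None
        off = len(OPENSSH_MAGIC)
        (n,) = struct.unpack(">I", blob[off:off + 4])
        cipher = blob[off + 4:off + 4 + n]
        # Cipher name "none" means the private section is stored in the clear.
        return cipher != b"none" if len(cipher) == n else None
    if header.endswith(" PRIVATE KEY-----"):
        # Traditional PEM (RSA/DSA/EC): encryption is flagged by a Proc-Type header.
        return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines[1:3])
    return None

def _openssh(cipher: bytes) -> bytes:
    blob = base64.b64encode(OPENSSH_MAGIC + struct.pack(">I", len(cipher)) + cipher)
    return b"-----BEGIN OPENSSH PRIVATE KEY-----\n" + blob + b"\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed samples: format headers only, no real key material.
SAMPLES = {
    "identity": SSH1_MAGIC + b"\x00" + b"\x00" * 4,
    "identity_3des": SSH1_MAGIC + b"\x03" + b"\x00" * 4,
    "id_ed25519": _openssh(b"none"),
    "id_ed25519_enc": _openssh(b"aes256-ctr"),
    "id_rsa_pem": b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,00\n",
}

def unprotected(samples):
    """Names of keys that would work for anyone who can read the file."""
    return sorted(name for name, data in samples.items() if is_passphrase_protected(data) is False)

if __name__ == "__main__":
    print(unprotected(SAMPLES))
```

To audit a real account, pass a mapping of file name to file bytes read from the `.ssh` directory in place of `SAMPLES`.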
