Date:      Tue, 5 Feb 2002 14:26:58 +0000
From:      Rasputin <rasputin@submonkey.net>
To:        Michael Vince <michael@roq.com>
Cc:        security@freebsd.org
Subject:   Re: SSH
Message-ID:  <20020205142658.A18406@shikima.mine.nu>
In-Reply-To: <028101c1ae1b$55ee38b0$2e01a8c0@MICHAEL2>; from michael@roq.com on Tue, Feb 05, 2002 at 07:01:36PM +1100
References:  <028101c1ae1b$55ee38b0$2e01a8c0@MICHAEL2>

* Michael Vince <michael@roq.com> [020205 08:05]:
> Hey all.
> I was thinking about setting up a maximum laziness maximum security policy for myself.
> I just wanted to know how dangerous are ssh keys with no password phrases? 

You need to keep them safe, since any old monkey can use them to get into
boxes as you (although you can restrict that slightly - see the AUTHORIZED_KEYS
part in sshd(8))

> I mean if some one is packet sniffing you how much more bad is it to have a ssh2 
> key with no pass phrase compared to one that does..

Makes no difference as far as sniffing is concerned - network traffic relies
on the key, not the phrase.

> And how bad would it be to have all the servers I have access to with different keys
> but the exact same password phrase like "pepsi"?

Then you're replacing multiple passwords with multiple keys, don't see how
that'd help you. At least one key being stolen won't compromise all servers.

> And is it more secure to have a pass phraseless (no pass phrase) ssh key compared to 
> just using ssh with no keys and just using a password that belongs to the unix account?

If you can't keep a key safe, then a frequently-changed password will do, I guess -
although bear in mind you don't have the same ability to stop logins from other boxes
(not in SSH itself, anyway)

-- 
Democracy is a government where you can say what you think even if you
don't think.
Rasputin :: Jack of All Trades - Master of Nuns ::
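
The reply above points to the AUTHORIZED_KEYS section of sshd(8) for restricting what a key can do. As an added example (not part of the original message), this script parses authorized_keys entries and reports which keys lack a `from=` or `command=` restriction; the sample entries, host names, script path and key blobs are constructed placeholders.

```python
import re

# Prefixes of public key type names; a line starting with one has no options.
KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-", "sk-")
# option or option="value"; quoted values may contain commas and spaces.
OPTION_RE = re.compile(r'([A-Za-z0-9-]+)(?:="((?:[^"\\]|\\.)*)")?')

# Constructed sample; the key blobs are placeholders, not real keys.
SAMPLE = '''\
# backup job key, no passphrase
from="192.0.2.10",command="/usr/local/bin/backup.sh",no-pty,no-port-forwarding ssh-rsa AAAAPLACEHOLDER1 backup@host
ssh-rsa AAAAPLACEHOLDER2 michael@laptop
from="*.example.org,!bad.example.org" ssh-dss AAAAPLACEHOLDER3 admin@example
'''

def split_options(line):
    """Return (options_string, rest_of_line), honouring quoted whitespace."""
    if line.startswith(KEY_TYPES):
        return "", line
    in_quote, i = False, 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and in_quote:
            i += 2              # skip an escaped character inside quotes
            continue
        if ch == '"':
            in_quote = not in_quote
        elif ch in " \t" and not in_quote:
            return line[:i], line[i:].lstrip()
        i += 1
    return line, ""

def audit(text):
    """List each key entry with its options and the restrictions it lacks."""
    results = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts_str, rest = split_options(line)
        opts = {m.group(1).lower(): m.group(2) for m in OPTION_RE.finditer(opts_str)}
        fields = rest.split(None, 2)
        comment = fields[2] if len(fields) > 2 else ""
        missing = [o for o in ("from", "command") if o not in opts]
        results.append({"comment": comment, "options": opts, "missing": missing})
    return results

if __name__ == "__main__":
    for entry in audit(SAMPLE):
        print(entry["comment"], "missing:", entry["missing"] or "none")
```
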
