Date: Tue, 5 Mar 2002 12:06:10 +0000
From: Bruce M Simpson <bms@spc.org>
To: Rasputin <rasputin@submonkey.net>
Cc: freebsd-security@freebsd.org
Subject: Re: SSH
Message-ID: <20020305120610.B494@spc.org>
In-Reply-To: <20020212021144.AB98D9EE47@okeeffe.bestweb.net>; from rasputin@submonkey.net on Tue, Feb 05, 2002 at 02:26:58PM +0000
References: <20020212021144.AB98D9EE47@okeeffe.bestweb.net>

On Tue, Feb 05, 2002 at 02:26:58PM +0000, Rasputin wrote:
> * Michael Vince <michael@roq.com> [020205 08:05]:
> > I just wanted to know how dangerous are ssh keys with no password phrases?
>
> You need to keep them safe, since any old monkey can use them to get into
> boxes as you ( although you can restrict that slightly - see the AUTHORIZED_KEYS
> part in sshd(8) )

Generally I keep my SSH keys and personal X.509 certs on a floppy which is
carried on my person at all times, although I am shortly going to be converting
to either Memory Stick or CompactFlash now that readers (and media) are so
easily available.

Passwords are important - always keep physical control over your keys. Keeping
them encrypted with IDEA is an important time buying measure if you do lose
them, unless the password is also compromised (careless!), in which case you
lose all security.

I find it helpful to use multiple SSH keys for different domains of trust -
i.e. never mix business with pleasure.

BMS