Date: Tue, 10 Oct 2000 09:23:58 -0700 (PDT)
From: Matt Dillon <dillon@earth.backplane.com>
To: Robert Watson <rwatson@FreeBSD.org>
Cc: Kris Kennaway <kris@citusc.usc.edu>, Terry Lambert <tlambert@primenet.com>, arch@FreeBSD.org, Poul-Henning Kamp <phk@critter.freebsd.dk>, Warner Losh <imp@village.org>, Jeroen Ruigrok van der Werven <jruigrok@via-net-works.nl>
Subject: Re: cvs commit: src/etc inetd.conf
Message-ID: <200010101623.e9AGNwY13314@earth.backplane.com>
References: <Pine.NEB.3.96L.1001010095155.90573M-100000@fledge.watson.org>

:As I pointed out earlier, there needs to be a way for the administrator to
:securely retrieve the SSH key so that they can log in securely. Otherwise
:the whole point of using SSH is lost. If they just blindly accept the key
:
: Robert N M Watson
:robert@fledge.watson.org http://www.watson.org/~robert/

The public key you stick in your authorized_keys file is... well, public. You can retrieve it over an unsecure network just fine and it doesn't really matter who sniffs it. A good sysop will change the key every month or two just to maintain control over leakage of the private key (since people need the private key to be able to ssh to the box being installed), but that's about it.

It's a whole lot better than transferring an encrypted password file and distributing the plaintext root password to all the sysads (not to mention the fact that no sysad in their right mind enables plaintext password logins to root over a network).

-Matt