Date: Tue, 5 Feb 2002 19:01:36 +1100 From: "Michael Vince" <michael@roq.com> To: <security@freebsd.org> Subject: SSH Message-ID: <028101c1ae1b$55ee38b0$2e01a8c0@MICHAEL2>
next in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] Hey all. I was thinking about setting up a maximum lazyness maximum security security policy for my self. I just wanted to know how dangerous are ssh keys with no password phrases? I mean if some one is packet sniffing you how much more bad is it to have a ssh2 key with no pass phrase compared to one that does.. And how bad would it be to have all the servers I have access to with different keys but the exact same password phrase like "pepsi"? And is it more secure to have a pass phraseless (no pass phrase) ssh key compared to just using ssh with no keys and just using a password that belongs to the unix account? I just find my self having alot of passwords to remember and looking and changing the way I do things. [-- Attachment #2 --] <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=Content-Type content="text/html; charset=iso-8859-1"> <META content="MSHTML 6.00.2712.300" name=GENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=#ffffff> <DIV><FONT face=Arial size=2>Hey all.</FONT></DIV> <DIV><FONT face=Arial size=2>I was thinking about setting up a maximum lazyness maximum security security policy for my self.</FONT></DIV> <DIV><FONT face=Arial size=2>I just wanted to know how dangerous are ssh keys with no password phrases? I mean if some one is packet sniffing you how much more bad is it to have a ssh2 key with no pass phrase compared to one that does..</FONT></DIV> <DIV><FONT face=Arial size=2>And how bad would it be to have all the servers I have access to with different keys but the exact same password phrase like "pepsi"?</FONT></DIV> <DIV><FONT face=Arial size=2>And is it more secure to have a pass phraseless (no pass phrase) ssh key compared to just using ssh with no keys and just using a password that belongs to the unix account?</FONT></DIV> <DIV><FONT face=Arial size=2>I just find my self having alot of passwords to remember and looking and changing the way I do things.</FONT></DIV> <DIV> </DIV> <DIV><FONT face=Arial size=2></FONT> </DIV></BODY></HTML>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?028101c1ae1b$55ee38b0$2e01a8c0>