From owner-freebsd-security Tue Feb 5 0: 2: 7 2002 Delivered-To: freebsd-security@freebsd.org Received: from mta04ps.bigpond.com (mta04ps.bigpond.com [144.135.25.136]) by hub.freebsd.org (Postfix) with ESMTP id 9240837B42A for ; Tue, 5 Feb 2002 00:01:37 -0800 (PST) Received: from MICHAEL2 ([144.135.25.87]) by mta04ps.bigpond.com (Netscape Messaging Server 4.15) with SMTP id GR1VYN00.9VJ for ; Tue, 5 Feb 2002 18:08:47 +1000 Received: from CPE-203-45-56-251.vic.bigpond.net.au ([203.45.56.251]) by psmam07.mailsvc.email.bigpond.com(MailRouter V3.0h 125/6804500); 05 Feb 2002 18:01:34 Message-ID: <028101c1ae1b$55ee38b0$2e01a8c0@MICHAEL2> From: "Michael Vince" To: Subject: SSH Date: Tue, 5 Feb 2002 19:01:36 +1100 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_027E_01C1AE77.88EF2600" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_027E_01C1AE77.88EF2600 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hey all. I was thinking about setting up a maximum lazyness maximum security = security policy for my self. I just wanted to know how dangerous are ssh keys with no password = phrases? I mean if some one is packet sniffing you how much more bad is = it to have a ssh2 key with no pass phrase compared to one that does.. And how bad would it be to have all the servers I have access to with = different keys but the exact same password phrase like "pepsi"? And is it more secure to have a pass phraseless (no pass phrase) ssh key = compared to just using ssh with no keys and just using a password that = belongs to the unix account? I just find my self having alot of passwords to remember and looking and = changing the way I do things. ------=_NextPart_000_027E_01C1AE77.88EF2600 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

Hey all.

I was thinking about setting up a = maximum lazyness=20 maximum security security policy for my self.

I just wanted to know how dangerous are = ssh keys=20 with no password phrases? I mean if some one is packet sniffing you how = much=20 more bad is it to have a ssh2 key with no pass phrase compared to one = that=20 does..

And how bad would it be to have all the = servers I=20 have access to with different keys but the exact same password phrase = like=20 "pepsi"?

And is it more secure to have = a pass=20 phraseless (no pass phrase) ssh key compared to just using ssh with = no keys=20 and just using a password that belongs to the unix account?

I just find my self having alot of = passwords to=20 remember and looking and changing the way I do things.

------=_NextPart_000_027E_01C1AE77.88EF2600-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message