Date: Tue, 5 Feb 2002 19:01:36 +1100
From: "Michael Vince" <michael@roq.com>
To: <security@freebsd.org>
Subject: SSH
Message-ID: <028101c1ae1b$55ee38b0$2e01a8c0@MICHAEL2>
Hey all.

I was thinking about setting up a maximum laziness, maximum security security policy for myself.

I just wanted to know how dangerous are ssh keys with no password phrases? I mean if someone is packet sniffing you, how much worse is it to have a ssh2 key with no pass phrase compared to one that does.

And how bad would it be to have all the servers I have access to with different keys but the exact same password phrase like "pepsi"?

And is it more secure to have a pass phraseless (no pass phrase) ssh key compared to just using ssh with no keys and just using a password that belongs to the unix account?

I just find myself having a lot of passwords to remember and looking and changing the way I do things.