From owner-freebsd-questions  Tue Jan 21 16: 6: 4 2003
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id F058137B401
	for <freebsd-questions@freebsd.org>; Tue, 21 Jan 2003 16:06:02 -0800 (PST)
Received: from chimera.noanet.net (chimera.noanet.net [66.119.192.4])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8974043F13
	for <freebsd-questions@freebsd.org>; Tue, 21 Jan 2003 16:06:02 -0800 (PST)
	(envelope-from mksmith@noanet.net)
Received: from noanet.net ([64.146.175.73])
	by chimera.noanet.net (8.12.2/8.12.2) with SMTP id h0M062tW087898;
	Tue, 21 Jan 2003 16:06:02 -0800 (PST)
Date: Tue, 21 Jan 2003 16:06:30 -0800
Subject: Re: ssh with public keys and no prompts...I can't get it to work!
Content-Type: text/plain; delsp=yes; charset=US-ASCII; format=flowed
Mime-Version: 1.0 (Apple Message framework v551)
Cc: questions list <freebsd-questions@freebsd.org>
To: Bob Willcox <bob@immure.com>
From: "Michael K. Smith" <mksmith@noanet.net>
In-Reply-To: <20030121230003.GD91874@luke.immure.com>
Message-Id: <5C19659C-2D9D-11D7-8983-003065CA9420@noanet.net>
Content-Transfer-Encoding: 7bit
X-Mailer: Apple Mail (2.551)
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG


On Tuesday, January 21, 2003, at 03:00 PM, Bob Willcox wrote:

> On Tue, Jan 21, 2003 at 02:38:33PM -0800, Michael K. Smith wrote:
>>
>> Hello:
>>
>> Did you create your keys with no passwords, as in "ssh-keygen -t dsa"
>> then just hit return a couple of times instead of giving a password?
>
> No, I didn't try that yet...just did now and it works! Great! :-) What
> is the downside (if any) to not specifying a passphrase?

Well, if someone got your private keys without a password, they could  
use them to log in all over your network using just the scenario you  
are using now.  That's one reason to have rwx for the user only on the  
.ssh directory.  But, I think the likelihood of this is fairly small  
(famous last words, I know).

Mike

------------------------------------------------------------------------ 
--
Michael	K.	Smith		NoaNet
206.219.7116 (work)		206.579.8360 (cell)
mksmith@noanet.net		http://www.noanet.net


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message