On Tuesday 15 April 2008, Clint Dilks wrote: > 1. Currently all of the key pairs we are using have empty passphrases is > it worth the effort of changing this and setting up ssh-agent compared > to what you gain in security by doing this ? To get a clear idea of what keys with no passphrases are like consider the idea that users put their regular password in /home/$USER/my_passwd.txt We try our very best to stop any use of key-pairs without passphrase. All modern distros have ssh-agents. Using it is trivial, not using it is lazy. For extra security use "ssh-add -c" and you'll know when your agent is actually signing stuff. /Peter
Attachment:
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
