Re: SSH Question relating to Public and Private Keys

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Wed, Apr 16, 2008 at 8:15 PM, Brian Mathis <brian.mathis@xxxxxxxxx> wrote:
>
> On Tue, Apr 15, 2008 at 8:12 AM, Peter Kjellstrom <cap@xxxxxxxxxx> wrote:
>  > On Tuesday 15 April 2008, Clint Dilks wrote:
>  >  > 1. Currently all of the key pairs we are using have empty passphrases is
>  >  > it worth the effort of changing this and setting up ssh-agent compared
>  >  > to what you gain in security by doing this ?
>  >
>  >  To get a clear idea of what keys with no passphrases are like consider the
>  >  idea that users put their regular password in /home/$USER/my_passwd.txt
>  >
>  >  /Peter
>  >
>
>  This is a HUGE step backwards in security!  Now when your system in
>  compromised, the attacker will be able to get into ALL of the systems
>  that user has used that password on.  Face it, users often use the
>  same password everywhere.  This is really a bad, bad idea.

OK, I misread this part ;) Sorry.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux