Basically, what Ed said.  If you're using it for scripts that are cronned
to go off late at night when no one is around to type a password, it's not
very useful.

However, if you're not scripting, it can be very useful.  If you are
administering a number of systems with disparate password databases, you
might not want to have to remember which passwords go with which systems.
Rather than set all of your passwords to be the same -- bad security
practice -- you could do key exchange with all of the servers and then just
use the same key passphrase to log in to each of them.  You get the benefit
of only having one password, the security of having multiple passwords from
any machine but your desktop, and don't have to worry too much if someone
gets your private key.

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University

On Tue, 16 Aug 2005, Ed Wilts wrote:

>On Tue, Aug 16, 2005 at 03:21:17PM -0500, Kelley.Coleman@xxxxxxxxxx wrote:
>> Chris - What, if anything, would be the benefit of using a passphrase with
>> ssh, if you were using it mainly for shell scripts?  Does it affect the
>> functionality of the script?  I've set all my ssh connections up without a
>> passphrase, but I was curious about it.
>
>I've set mine up without a passphrase too but I'll take a shot at
>answering your question.  Basically, if somebody has access to your
>private key, every system that you have access to is now theirs.  This
>could be your backup admin or anybody that gets a hold of your backup
>tapes.
>
>With a passphrase, the key by itself doesn't get them anything.  They
>need both pieces of information to get anything useful.
>
>The reason that most people set up keys without passphrases is that
>they're much easier to work with.  The way I read the keychain
>information, you get the security of a passphrase without the pain.  You
>only enter your passphrase once and the server hangs on to an open
>session that you connect to.
>
>        .../Ed
>
>--
>Ed Wilts, RHCE
>Mounds View, MN, USA
>mailto:ewilts@xxxxxxxxxx
>Member #1, Red Hat Community Ambassador Program
>
>--
>redhat-list mailing list
>unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
>https://www.redhat.com/mailman/listinfo/redhat-list