Re: ssh primer (was Re: pull vs push (was Re: [bk patch] Make cardbus compile in -pre4))

From: Jeff Garzik (jgarzik@mandrakesoft.com)
Date: Sat Feb 09 2002 - 20:24:46 EST

Herbert Xu wrote:
>
> On Sat, Feb 09, 2002 at 07:54:29PM -0500, Jeff Garzik wrote:
> > Herbert Xu wrote:
> > >
> > > Setup your key with an empty passphrase should do the trick.
> >
> > Ug. no. That is way way insecure.
> >
> > Most modern distros have an ssh-agent running as a parent of all
> > X-spawned processed (including processes spawned by xterms). So, one
> > only needs to run
> > ssh-add ~/.ssh/id_dsa ~/.ssh/identity
> > once, and input your password once. After that, no passwords are
> > needed.
>
> This is fine for interactive use. But for a daily cron job, it's
> just as insecure as no passphrases at all.

It is far easier to guess your private key with a blank passphrase.

        Jeff 

-- 
Jeff Garzik      | "I went through my candy like hot oatmeal
Building 1024    |  through an internally-buttered weasel."
MandrakeSoft     |             - goats.com
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

This archive was generated by hypermail 2b29 : Fri Feb 15 2002 - 21:00:30 EST