Hack: Quick Logins with ssh Client Keys
Subject: Don't use plaintext keys for interactive logins
There's no reason to use a plaintext (passwordless) key for interactive logins, ever. Despite what the author says, a passwordless key is NOT "the same" level of security as a password, since the key sits ON DISK, unencrypted, and a password does not. A better analogy would be putting your sensitive login password into a file named "StealMe.txt". Instead, use a strong passphrase and run ssh-agent to avoid the need to type passwords. For interactive use, this is a far better solution: now an attacker would need TWO secrets (your key and your passphrase) to impersonate you, and you still get passwordless logins.
Novice - almost caught by existing authorized_keys2
2003-12-30 22:32:09 anonymous2
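Added example, not part of the comment or the original hack: a check that finds the plaintext keys the comment warns about by reading each private key file's header and reporting the ones stored without a passphrase. The function names and the sample key builder are hypothetical; the sample blobs are constructed headers, not usable keys.

```python
import base64
import struct
from pathlib import Path

MAGIC = b"openssh-key-v1\x00"  # start of the decoded new-format OpenSSH key blob

def key_is_encrypted(text):
    """True/False for a private key file; None if it is not a recognised private key."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or not (lines[0].startswith("-----BEGIN ") and "PRIVATE KEY" in lines[0]):
        return None
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8, encrypted
        return True
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        try:
            blob = base64.b64decode("".join(l for l in lines[1:] if not l.startswith("-----")))
        except ValueError:
            return None
        if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 4:
            return None
        (n,) = struct.unpack(">I", blob[len(MAGIC):len(MAGIC) + 4])
        cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
        # The cipher name is "none" when no passphrase protects the key.
        return None if len(cipher) != n else cipher != b"none"
    # Legacy PEM (RSA/DSA/EC): an encrypted key carries a Proc-Type header.
    return any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines[1:4])

def find_plaintext_keys(ssh_dir):
    """Names of files in ssh_dir that hold a private key with no passphrase."""
    hits = []
    for path in sorted(Path(ssh_dir).expanduser().iterdir()):
        try:
            text = path.read_text(errors="replace") if path.is_file() else ""
        except OSError:
            continue  # unreadable file: skip rather than abort the audit
        if key_is_encrypted(text) is False:
            hits.append(path.name)
    return hits

def sample_openssh_key(cipher):
    """Constructed sample: header-only OpenSSH key blob, not a usable key."""
    blob = MAGIC + struct.pack(">I", len(cipher)) + cipher + b"\x00" * 8
    b64 = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

if __name__ == "__main__":
    print(key_is_encrypted(sample_openssh_key(b"none")))        # plaintext key
    print(key_is_encrypted(sample_openssh_key(b"aes256-ctr")))  # passphrase-protected
```

A key reported by `find_plaintext_keys("~/.ssh")` can be given a passphrase in place with `ssh-keygen -p -f <keyfile>` and then loaded once per session with `ssh-add`.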