On December 26, 2002 08:27 am, the fabulous hugh at atosc dot org wrote:
> Using a ssh key without a passphrase seems to be a bad idea.
> You need to look on keychain.

Depends on what you are doing but keychain definitely looks interesting (haven't given it a try yet). Looking at the description of keychain I'd still go with a passphraseless key though. I don't want automated scripts failing because a server has rebooted and I forgot to run keychain.

The passphraseless key would be severely restricted:
- login only allowed from known host
- key only used in purpose specific case (not for general login)
- key restricted in port forwards allowed
- possibly forcibly running a command on login, allow nothing else

I'm not sure how keychain reduces the risks. A passphraseless key is mode 400, root or user-level compromise is required for it to be used in an attack. The same level of compromise would make your keychain setup just as vulnerable, right?

Fraser
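The restrictions listed in the message above correspond to OpenSSH authorized_keys options (from=, command=, no-port-forwarding / permitopen=). As an added example that is not part of the original post, this sketch parses the options field of each entry and reports which of those restrictions a key lacks; the sample entries, addresses, the backup-recv path and the key blobs are constructed placeholders.

```python
# Added example: check authorized_keys entries for the restrictions listed above.
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # prefixes of OpenSSH key type names

def parse_options(line):
    """Return the options of one authorized_keys line as {name: value}."""
    line = line.strip()
    if line.startswith(KEY_TYPES):
        return {}                      # line starts with the key type: no options
    opts, buf, quoted, i = {}, "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and line[i:i + 2] == '\\"':   # escaped quote inside a value
            buf, i = buf + '"', i + 2
            continue
        if ch == '"':
            quoted = not quoted
        elif not quoted and ch in ", \t":       # end of one option or of the field
            name, _, value = buf.partition("=")
            opts[name.lower()] = value          # option names are case-insensitive
            buf = ""
            if ch != ",":
                break
        else:
            buf += ch
        i += 1
    return opts

def missing_restrictions(line):
    """List which of the three checkable restrictions a key entry lacks."""
    opts = parse_options(line)
    missing = []
    if "from" not in opts:
        missing.append("from")
    if "command" not in opts:
        missing.append("command")
    # "restrict" disables forwarding unless "port-forwarding" re-enables it.
    restricted = "restrict" in opts and "port-forwarding" not in opts
    if not (restricted or "no-port-forwarding" in opts or "permitopen" in opts):
        missing.append("port-forwarding")
    return missing

# Constructed sample entries; the key blobs are placeholders, not real keys.
SAMPLE = [
    'ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDER backup@client',
    'from="192.0.2.10",command="/usr/local/bin/backup-recv",no-port-forwarding '
    'ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDER backup@client',
    'from="192.0.2.10",permitopen="127.0.0.1:5432" ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDER tunnel@client',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(missing_restrictions(entry) or "ok", "<-", entry[:60])
```

The "purpose specific" restriction in the list is a usage policy and cannot be read from the file, so it is not checked here.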

