On Tue, Jan 21, 2003 at 04:06:30PM -0800, Michael K. Smith wrote: > > On Tuesday, January 21, 2003, at 03:00 PM, Bob Willcox wrote: > > >On Tue, Jan 21, 2003 at 02:38:33PM -0800, Michael K. Smith wrote: > >> > >>Hello: > >> > >>Did you create your keys with no passwords, as in "ssh-keygen -t dsa" > >>then just hit return a couple of times instead of giving a password? > > > >No, I didn't try that yet...just did now and it works! Great! :-) What > >is the downside (if any) to not specifying a passphrase? > > Well, if someone got your private keys without a password, they could > use them to log in all over your network using just the scenario you > are using now. That's one reason to have rwx for the user only on the > .ssh directory. But, I think the likelihood of this is fairly small > (famous last words, I know).
In this particular case that shouldn't be a real problem since these are simply test systems in a lab invironment and they will probably get reinstalled over within a few months anyway. :-) Bob > > Mike > > ------------------------------------------------------------------------ > -- > Michael K. Smith NoaNet > 206.219.7116 (work) 206.579.8360 (cell) > [EMAIL PROTECTED] http://www.noanet.net -- Bob Willcox We seem to have forgotten the simple truth that [EMAIL PROTECTED] reason is never perfect. Only non-sense attains Austin, TX perfection. -- Poul Henningsen [1894-1967] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
