On Fri, Sep 3, 2010 at 6:53 PM, Kent Fredric <[email protected]> wrote:
> On 2 September 2010 13:29, C. Falconer <[email protected]> wrote:
>> Another option is to use ssh keys, which are inherently more secure than
>> passwords.
>
> I've grown an affinity for per-host ssh-keys too.

Read Kent's config carefully ...

I used to have handfuls of per-host keys (actually, per-customer keys), and then I discovered that seahorse, the key manager in Ubuntu, adds *every* key in ~/.ssh to the agent as automatically as it can. Whenever I was connecting to a host, all of them were being offered.

However, there is a limit to the number of incorrect keys that an sshd will listen to before it tells you to give up on keys, and fall back to the next method -- if there is one.

I still have the keys, in a subdir of .ssh, like Kent. I just didn't bother setting up the config scheme like he did, and folded all the client machines back to the same key ...

I'm not sure that the security position is worse either way, but it is worth thinking about.

-jim
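
One way to keep per-customer keys without the agent offering all of them to every host, as an added example that is not from this thread and is not Kent's actual config. The host names, user name and key paths are hypothetical.

```sshconfig
# ~/.ssh/config (added example; host names and key paths are hypothetical)

# Weak form: IdentityFile alone only adds a key to the list of candidates.
# Keys already loaded in the agent are still offered to the server, and
# sshd counts each rejected key against MaxAuthTries (default 6).
#
# Host customer-a.example
#     IdentityFile ~/.ssh/keys/customer-a

# Corrected form: one key per customer, kept in a subdirectory of ~/.ssh,
# with IdentitiesOnly so that only the listed key is offered even when
# the agent holds others.
Host customer-a.example
    User admin
    IdentityFile ~/.ssh/keys/customer-a
    IdentitiesOnly yes

Host *.customer-b.example
    IdentityFile ~/.ssh/keys/customer-b
    IdentitiesOnly yes

# Fallback for hosts with no entry above: only the default identity files
# are tried, not every key the agent happens to hold.
Host *
    IdentitiesOnly yes
```

Connecting with `ssh -v` shows an "Offering public key" line for each key sent, which confirms that only the intended key reaches the server.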
