----- Original Message -----
From: "Mikolaj J. Habryn" <[EMAIL PROTECTED]>
To: "Crossfire" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, December 22, 2000 11:20 AM
Subject: Re: [SLUG] SSH hint required
> On 22 Dec 2000 10:45:42 +1100, Crossfire wrote:
> > uh, the ssh and sshd manpages document `authorized keys'.
>
> Which don't solve the problem of having to type in passwords for each
> connection, unless you use null passphrases.
Null passphrases are the answer. For automated connections, its pretty much
the only answer.
> > > man ssh-agent
> > >
> > > PS: Yes, this is a Better Way.
> >
> > No it isn't.
> >
> > ssh-agent has been responsible for a number of security problems over
the
> > years. I don't/won't use it for that reason.
>
> Name three - remotely exploitable only, please. Complaining about past
> local exploits when the alternative is unpassworded identities just
> boggles my mind. Or do you mean that the concept is absolutely
> terrifying and there damn well *should* have been more security problems
> with it? If so, I absolutely agree, which is why I wrote keymgr (
> http://www.rcpt.to/keymgr/ ).
... You're one of David's friends, aren't you?
The concept is evil and distincitvely scary. Theres been lots of noise
about agent - I don't use it on the principle that enough [knowledgable]
people have made LOTS of noise about it. I'll admit that I haven't seen
them - but given it was Tridge who was advocating against it (IIRC), I'll
happily stay clear, and pass on the recommendation.
--==============================================--
Crossfire | This email was brought to you
[EMAIL PROTECTED] | on 100% Recycled Electrons
--==============================================--
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
