On 04/11/06, Adam Kennedy <[EMAIL PROTECTED]> wrote:
> I always thought the problem with keys and passwordless login was that
> you end up with cascading exploits. If I log in from box A --> box B
> with keys, and someone hacks box A, then they automatically have access
> to box B, and C, and D and anything else I use keys on

1. That's what strong pass-phrases are used for - to limit the access to
   the private key.

2. You could say "sure - so you replace the password by a pass-phrase",
   but you'd still need the private key, which is never transferred over
   the net.

3. You can allow access for multiple keys into the same account -
   therefore you can trace which key was used to log in and track it back
   to the origin and/or remove it if it was compromised (or do stuff like
   limit the commands a key authorizes, or pair keys with originating ssh
   clients). On the other hand, you can't have multiple, traceable
   passwords to a UNIX account.

> With passwords, at least that isn't a problem (assuming you aren't a
> complete idiot and have the same password for everything).

With passwords it's enough to know (or guess) a relatively short string
in order to gain access. With keys protected by a pass-phrase you'll need
a string AND the unencrypted content of a file which should never leave
the local disk.

--P

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
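Point 3 in the reply (per-key tracing, command restriction, pairing a key with its originating client, and pulling one key when it is compromised) is where the "box A is hacked" scenario gets contained in practice. The script below is an added example for this page, not code from the thread or from OpenSSH. It parses an authorized_keys file that uses the from=, command=, no-pty and no-port-forwarding options, computes each key's SHA256 fingerprint the way sshd prints it in "Accepted publickey" log lines, attributes each login to the key that produced it, and cuts the compromised box's key out of the file while the laptop key keeps working. Every key blob, host name and log line is constructed for the example; the blobs are not real keys, and the option parser handles only the quoting rules shown, not every corner of sshd's grammar.

```python
# Added example (not from the original thread): attribute sshd public-key logins
# to authorized_keys entries by SHA256 fingerprint, and revoke a single key.
# All keys, hosts and log lines are constructed; the blobs are not real keys.
import base64
import hashlib
import re

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-", "sk-")
LOG_RE = re.compile(
    r"Accepted publickey for (?P<user>\S+) from (?P<ip>\S+) port \d+ ssh2: "
    r"(?P<type>\S+) (?P<fp>SHA256:\S+)"
)


def fingerprint(blob_b64):
    """OpenSSH-style fingerprint: base64(sha256(raw key)) with '=' padding stripped."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_line(line):
    """Parse one authorized_keys line into options/keytype/blob/comment, or None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    options = ""
    if not line.startswith(KEY_TYPES):
        # Options run up to the first whitespace outside double quotes;
        # quoted values such as command="..." may contain commas and spaces.
        in_quotes, i = False, 0
        while i < len(line):
            c = line[i]
            if c == '"' and (i == 0 or line[i - 1] != "\\"):
                in_quotes = not in_quotes
            elif c in " \t" and not in_quotes:
                break
            i += 1
        options, line = line[:i], line[i:].strip()
    parts = line.split(None, 2)
    keytype, blob = parts[0], parts[1]
    comment = parts[2] if len(parts) > 2 else ""
    return {"options": options, "keytype": keytype, "blob": blob,
            "comment": comment, "fingerprint": fingerprint(blob)}


def parse_authorized_keys(text):
    return [k for k in (parse_line(l) for l in text.splitlines()) if k]


def attribute_logins(log_lines, keys):
    """Map each 'Accepted publickey' line to the authorized_keys entry it used."""
    by_fp = {k["fingerprint"]: k for k in keys}
    logins = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # password failures, disconnects, etc. are not our concern here
        key = by_fp.get(m["fp"])
        logins.append({"user": m["user"], "ip": m["ip"], "fingerprint": m["fp"],
                       "key": key["comment"] if key else None,
                       "options": key["options"] if key else None})
    return logins


def revoke(text, fp):
    """Return authorized_keys text with the entry whose fingerprint is fp removed."""
    kept = []
    for line in text.splitlines(keepends=True):
        k = parse_line(line)
        if k and k["fingerprint"] == fp:
            continue
        kept.append(line)
    return "".join(kept)


# --- constructed sample data -------------------------------------------------
LAPTOP_BLOB = base64.b64encode(b"constructed laptop key, not a real key").decode()
BACKUP_BLOB = base64.b64encode(b"constructed backup key, not a real key").decode()

AUTHORIZED_KEYS = (
    "# interactive use from the laptop\n"
    f"ssh-ed25519 {LAPTOP_BLOB} alice@laptop\n"
    "# box-a may only run the backup script, and only from 10.0.0.0/24\n"
    'from="10.0.0.0/24",command="/usr/local/bin/backup.sh --target=/srv,/data",'
    f"no-pty,no-port-forwarding ssh-ed25519 {BACKUP_BLOB} backup@box-a\n"
)

# Constructed lines in the shape sshd writes to auth.log.
AUTH_LOG = [
    "Nov  4 09:12:01 box-b sshd[4242]: Accepted publickey for alice from 10.0.0.7 "
    f"port 51234 ssh2: ED25519 {fingerprint(BACKUP_BLOB)}",
    "Nov  4 09:13:44 box-b sshd[4250]: Accepted publickey for alice from 203.0.113.9 "
    f"port 40022 ssh2: ED25519 {fingerprint(LAPTOP_BLOB)}",
    "Nov  4 09:14:02 box-b sshd[4261]: Failed password for invalid user admin "
    "from 198.51.100.3 port 33000 ssh2",
]

if __name__ == "__main__":
    keys = parse_authorized_keys(AUTHORIZED_KEYS)
    for login in attribute_logins(AUTH_LOG, keys):
        print(f'{login["user"]} from {login["ip"]}: key={login["key"]} '
              f'options={login["options"] or "(none)"}')
    # box-a was compromised: drop only its key; the laptop key stays valid.
    print(revoke(AUTHORIZED_KEYS, fingerprint(BACKUP_BLOB)), end="")
```

Because both entries land in the same account, the log alone cannot tell the two sessions apart by user name; the fingerprint does, which is the tracing the reply describes. The from= and command= options are enforced by sshd itself; this script only reads them back so the operator can see what a given key was ever allowed to do before deciding to revoke it.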
