[EMAIL PROTECTED] said:
>Ok, maybe I'm missing something, but why would you NOT want to
>password protect your host key? Isn't that something you WOULD
>want to passphrase protect?
The host private key is used by sshd. There is no way for sshd to 'know'
a password, so it wouldn't be able to start up if it needed to supply a
password to decrypt its private key. (Of course, the password could be kept
on disk, but then the key already is on disk, so the password wouldn't buy
you anything!)

Whereas, as a human user, you should password-protect your private key to
prevent someone else who gets access to your workstation from using it.

This does imply that it is important for an sshd machine to be kept secure,
so that an unauthorized party can't get access to the sshd (host) private
key.

That's how it is with a daemon that has no 'offline brain' to store secrets :-)
----------------------------------------------------------------------------
Mike Friedman [EMAIL PROTECTED]
Communication & Network Services +1-510-642-1410
University of California at Berkeley http://www.net.Berkeley.EDU/~mikef
----------------------------------------------------------------------------
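
The distinction drawn in the message above, as an added example that is not part of the original post: a Python check that reads a private key's on-disk format to tell whether it is passphrase-protected, then applies the opposite expectation to host keys and user keys. The function names, the root-owned/no-group-or-other file policy and the sample keys (format headers only, constructed here) are assumptions of this example.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"  # header of the current OpenSSH private key format

def is_passphrase_protected(key_text):
    """True if the private key is stored encrypted, False if in the clear."""
    lines = [ln.strip() for ln in key_text.strip().splitlines()]
    if not lines or "PRIVATE KEY-----" not in lines[0]:
        raise ValueError("not a PEM private key")
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        off = len(MAGIC)
        (n,) = struct.unpack(">I", blob[off:off + 4])
        return blob[off + 4:off + 4 + n] != b"none"  # cipher name field
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
        return True  # PKCS#8 encrypted container
    # Legacy PEM (RSA/DSA/EC) marks encryption with a Proc-Type header.
    return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines[1:3])

def audit_key(role, key_text, mode, uid):
    """role is 'host' or 'user'; mode/uid come from os.stat() on the key file."""
    findings = []
    encrypted = is_passphrase_protected(key_text)
    if role == "user" and not encrypted:
        findings.append("user key has no passphrase")
    if role == "host":
        if encrypted:
            findings.append("host key is encrypted; sshd cannot load it unattended")
        # Assumed policy: with no passphrase, file access is the only protection.
        if uid != 0:
            findings.append("host key not owned by root")
        if mode & 0o077:
            findings.append("host key readable by group or other")
    return findings

def sample_openssh_key(cipher):
    """Constructed sample: only the format header, not a usable key."""
    body = MAGIC + struct.pack(">I", len(cipher)) + cipher
    b64 = base64.b64encode(body).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

if __name__ == "__main__":
    print(audit_key("host", sample_openssh_key(b"none"), 0o100644, 0))
    print(audit_key("user", sample_openssh_key(b"none"), 0o100600, 1000))
    print(audit_key("user", sample_openssh_key(b"aes256-ctr"), 0o100600, 1000))
```
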