On Thu, Feb 16, 2006 at 06:56:20PM +0000, Chris Green wrote: > > Presumably by "set up secure keys and allow passwordless login without > > using ssh_agent" you mean you've created keys with no passphrase. > > Yes, sorry, that's the one. It's a while since I did it so I'd > forgotten the details. .... and I did read all about the security > risks. No doubt, but there are potentially lots of other eyes (the original poster, for example) reading this thread who are probably not aware of the risks... ;-) > If they can get access to my home directories on the computers at work > there are *far* more interesting things to steal than the unencrypted > ssh keys there! This is why I decided it was 'safe enough'. Of course, it depends on what the attacker's goal is... Some people break into systems just to learn how to do it, and don't care about the data on those systems, except where it helps them gain access to other systems... > > Of course, a compromise of the key you use to access your e-mail > > system is probably not the end of the world, unless it does a whole > > lot more than just send and receive your e-mail... > > > You have hit the nail well on the head there. :) Your original message might be construed by some that creating keys with no passphrase really poses very little risk. I wanted to make it clear that in general, that's not the case, even if it happens to be true in your case. Managing security is entirely about managing risk, so whether or not it's acceptable to live with that risk depends entirely on the specific case. For many, the security of their ssh keys might be the only layer of protection they have, and therefore using a passphrase is much more important. -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers.
Attachment:
pgpVB1fMKkhTJ.pgp
Description: PGP signature