On Wed, Feb 28, 2007 at 05:35:42PM +0100, Sven Arvidsson wrote: > On Wed, 2007-02-28 at 09:55 -0500, Roberto C. Sanchez wrote: > > Ahh. That's what I was afraid of. Having ssh keys without a passphrase > > is convenient, but very insecure. You are better off without the keys. > > For the longest time I did not understand that, then some kind soul on > > this list pointed to ssh-agent and keychain. Very minor inconvenience > > (enter the passphrase once when you login), and *much* more secure. > > Another great package is libpam-ssh, unlocking your ssh keys at login > time, meaning you will only need to type a password once. because I'm too lazy to research it, why is this any better than a passwordless key? If someone is using your login then your ssh keys are unlocked. A
Attachment:
signature.asc
Description: Digital signature