On Thu, Dec 29, 2011 at 04:39:24PM +0100, Kees de Jong wrote:
> I guess I already pointed out everything. I added the updating part to it.
>
> * Use private not public keys with strong passwords

This doesn't make any sense at all. You need both private and public keys for key-based authentication, and it's very important that you recognize the difference between the two.

Also, one of the real problems with ssh key authentication is that there's no way to enforce a strong password policy on the private keys. Plenty of times I've seen an otherwise secure host compromised when a user did something silly like drop their passwordless private key in their public_html folder.

noah
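An audit for the failure described in the message above, as an added example that is not part of the original post: it walks a directory tree and reports private keys stored without a passphrase, noting when one sits under public_html or is group/world readable. The function names and the default `/home` root are assumptions, and only PEM and OpenSSH-format keys are recognized.

```python
import base64, os, re, stat, sys
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----(.*?)-----END \1-----", re.S)
MAGIC = b"openssh-key-v1\0"   # start of the decoded OpenSSH private key format

def key_protection(text):
    """Return 'encrypted', 'unencrypted', or None when text holds no private key."""
    m = PEM_RE.search(text)
    if not m:
        return None
    label, body = m.groups()
    if label == "ENCRYPTED PRIVATE KEY":      # PKCS#8 wrapped with a passphrase
        return "encrypted"
    if label == "OPENSSH PRIVATE KEY":        # cipher name is the first field after the magic
        try:
            blob = base64.b64decode("".join(body.split()))
        except ValueError:
            return None
        if not blob.startswith(MAGIC):
            return None
        return "unencrypted" if blob.startswith(MAGIC + b"\x00\x00\x00\x04none") else "encrypted"
    # Legacy PEM (RSA/DSA/EC) declares encryption in a Proc-Type header
    return "encrypted" if "Proc-Type: 4,ENCRYPTED" in body else "unencrypted"

def audit(root):
    """Walk root; return sorted (path, reasons) for each passphrase-less private key."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode
                if not stat.S_ISREG(mode):    # skip symlinks, FIFOs, sockets
                    continue
                with open(path, errors="replace") as fh:
                    head = fh.read(65536)
            except OSError:
                continue
            if key_protection(head) == "unencrypted":
                reasons = ["no passphrase"]
                if "public_html" in path.split(os.sep):
                    reasons.append("inside public_html")
                if mode & (stat.S_IRGRP | stat.S_IROTH):
                    reasons.append("group/world readable")
                findings.append((path, reasons))
    return sorted(findings)

if __name__ == "__main__":
    for path, reasons in audit(sys.argv[1] if len(sys.argv) > 1 else "/home"):
        print(path + ": " + ", ".join(reasons))
```

A key reported as encrypted still says nothing about the strength of its passphrase, which is the enforcement gap the message points out.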