[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

ssh - methods (was Re: WARNING - Virus infected messages on list)

on Tue, Nov 14, 2000 at 08:30:18PM -0900, Ethan Benson (erbenson@alaska.net) wrote:
> On Tue, Nov 14, 2000 at 09:20:54PM -0700, John Galt wrote:
> > 
> > I've started to get lazy and use an RSA authenticated ssh
> > connection--saves me typing my password...
> actually RSA is a better way to go, you should encrypt the key and use
> ssh-agent, still saves you from typing the passwd (all but once)  but
> the best thinga about RSA is you never type your real password on that
> machine, meaning nobody can get it with a keystroke recorder they
> might have serupticiosly installed.  you can also routinly rekey your
> RSA key file without giving up your main login password.  

Though I strongly favor using a passphrase-protected RSA key myself.
What this buys me is that, from a given host (and there are only two I
access directly for the most part), one passphrase gets me all systems
my RSA key connects to.  The passphrase means that an open session (I
usually, but not always, lock my X and console sessions even when
walking away for a minute or two) doesn't provide access to any other
hosts.  The RSA key can be changed and updated across accessed servers
relatively easily.

Use of RSA authentication without a passphrase is generally deprecated.

Karsten M. Self <kmself@ix.netcom.com>     http://www.netcom.com/~kmself
 Evangelist, Zelerate, Inc.                      http://www.zelerate.org
  What part of "Gestalt" don't you understand?      There is no K5 cabal
   http://gestalt-system.sourceforge.net/        http://www.kuro5hin.org

Attachment: pgpUE3oiOoale.pgp
Description: PGP signature

Reply to: