
ssh - methods (was Re: WARNING - Virus infected messages on list)



on Tue, Nov 14, 2000 at 08:30:18PM -0900, Ethan Benson (erbenson@alaska.net) wrote:
> On Tue, Nov 14, 2000 at 09:20:54PM -0700, John Galt wrote:
> > 
> > I've started to get lazy and use an RSA authenticated ssh
> > connection--saves me typing my password...
> 
> actually RSA is a better way to go, you should encrypt the key and use
> ssh-agent, still saves you from typing the passwd (all but once)  but
> the best thing about RSA is you never type your real password on that
> machine, meaning nobody can get it with a keystroke recorder they
> might have surreptitiously installed.  you can also routinely rekey your
> RSA key file without giving up your main login password.

Though I strongly favor using a passphrase-protected RSA key myself.
What this buys me is that, from a given host (and there are only two I
access directly for the most part), one passphrase gets me all systems
my RSA key connects to.  The passphrase means that an open session (I
usually, but not always, lock my X and console sessions even when
walking away for a minute or two) doesn't provide access to any other
hosts.  The RSA key can be changed and updated across accessed servers
relatively easily.

Use of RSA authentication without a passphrase is generally deprecated.

-- 
Karsten M. Self <kmself@ix.netcom.com>     http://www.netcom.com/~kmself
 Evangelist, Zelerate, Inc.                      http://www.zelerate.org
  What part of "Gestalt" don't you understand?      There is no K5 cabal
   http://gestalt-system.sourceforge.net/        http://www.kuro5hin.org
