[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: https://www.debian.org/devel/passwordlessssh.de.html

Hello everybody,

I just read the page being discussed here: are we sure we really want to tell
developers and users that in some cases it is fine to use a plain passwordless
SSH key ?

 - for interactive use, it is almost as conveninent, and more secure, to use a
   SSH agent;

 - for non-interactive use, it is more secure to restrict what the SSH key
   can do using a "command" field in the authorized_keys file;

 - while I am not using the Debian infrastructure much, I am not aware of use
   cases where it is necessary for simple users to have a plain unrestricted
   passwordless key as described here.

(By the way, the .xsession extract should contain "# eval $(ssh-agent)" instead
of "# eval ssh-agent").

I think that the contents of this page would have been added to wiki.debian.org
if it already existed when the page was created.  Perhaps it is better to
transfer the information now ?  I understand that being on www.debian.org gives
better chances of being translated in many languages, but I would expect that
somebody invited to log in debian.org systems with a passwordless key should
have a reasonable undestanding of English...  And if it is not about logging in
the Debian infrastructure, then maybe it is an argument for removing the page ?

Have a nice day,

-- 
Charles Plessy
Tsurumi, Kanagawa, Japan
Reply to: