[CLUE-Tech] ssh using RSA authentication?
David Anselmi
anselmi at americanisp.net
Wed Nov 27 11:33:32 MST 2002
Jed S. Baer wrote:
> On Wed, 27 Nov 2002 09:35:21 -0700
> David Anselmi <anselmi at americanisp.net> wrote:
>
>
>>Dave Price wrote:
>>
>>>Hi,
>>>
>>>I am trying to set up 'no password' access to remote systems with ssh
>>>and RSA keys.
>>>
>>>I have built both rsa and rsa1 keys on a mandrake client - these have
>>>null passwords
>>
>>Null passwords is perhaps a bad idea, but may be necessary...
>
>
> This is one of those difficult questions. Just to be clear, we're talking
> about having a null passphrase associated with the SSH key, in particular,
> with the private key portion which sits on the local machine.
[...]
> Yes, I know that I could have my cake and eat it too, by using ssh-agent,
> and at some point, I might well consider doing so.
I would say you should have a passphrase. If you can also log in with a
password, it seems reasonable to make the passphrase the same as the
password. If you want to use this key on several machines you might
consider something stronger, assuming you use different passwords on
each machine.
ssh-agent is really pretty easy to use, so if you use a key several
times per login it's well worth it. For a single use machine that you
control well, a null password may not be enough of a risk to worry about.
The only time you have to use a null password (that I was referring to
above) is when the key is on a server that must be able to boot and use
the key when no one is around to enter a passphrase. Usually the case
for SSL certs for web servers.
Dave
More information about the clue-tech
mailing list