No, it's not. If someone has the private key file, they can log in with it. If it's got a passphrase, they need to know that, too.
Even with ssh-agent, someone has to enter the passphrase at some point. That makes it infinetely more secure than passphraseless keys. -----Original Message----- From: Gian G. Spicuzza [mailto:[EMAIL PROTECTED] Sent: Friday, March 10, 2006 8:58 AM To: secureshell@securityfocus.com Subject: Null-passphrase vs ssh-agent Hello. I have implemented PKA with a null-passphrase instead of using ssh-agent. Is this just as secure as using ssh-agent? Thank you, Gian G Spicuzza