On Wed, 1 Jul 2015, Jim Klimov wrote:
You can also boost security with no passwords allowed, keys only for ssh auth ;)
This certainly helps, but a remote compromised machine could still use those keys to log in to your system. Hopefully users of those keys do apply a passphrase to them. If the remote machine is compromised, then the key passphrase could be captured by keystroke logging and the private key file could be copied at that time.
Bob -- Bob Friesenhahn bfrie...@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/ GraphicsMagick Maintainer, http://www.GraphicsMagick.org/ _______________________________________________ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
