Hi all, I have rsa2 SSH logins running now. I can see this is a great idea as even if the attacker KNOWS your root password they STILL cannot get in without your private rsa key, right?
Is there some way to make it easier to run ssh-agent? I was trying to put the eval `ssh-agent`; ssh-add into a script but nothing seemed to get exported back to the calling shell :(

> Also, if you are using a password to log into a server that's been
> compromised, they don't need to work out your password -- you just gave it to
> them when you logged in. They trojan one box and as people log in from box to
> box they will collect a lot of passwords and deepen their compromise.
>
> If you are using keys, you only need to fully trust your local SSH client. A
> remote server can't compromise your public key or your passphrase, even if
> you are using the compromised server to log into other servers (and are using
> agent forwarding).

If you have it set up like A -> B where A is your workstation and B is your server so that A has your private key and B has your public key, what happens if you now want to log into another remote server C (A -> B -> C)? Should you copy your private key from A to B or should you generate a new private key on B for the B -> C login?

I would guess that copying your private key to B would be a bad idea as if B is compromised then they have your private key and maybe even track your keystrokes as you enter your passphrase, right? Does the agent-forwarding help in this case and how is it implemented?

--
Regards,
Peter Kiem
Zordah IT, IT Consultancy & Internet Hosting
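Added example, not part of the original post: one way to address the ssh-agent script problem described above is to define the agent setup as shell functions in a file that is sourced rather than executed, and to reuse an agent that is already running. The file name `agent.sh`, the `AGENT_ENV` path and the function names are assumptions made for this sketch.

```shell
# Source this file from your shell or ~/.bash_profile:  . ./agent.sh
# Running it as a script cannot work: a script is a child process, and the
# SSH_AUTH_SOCK / SSH_AGENT_PID it exports vanish when that child exits.

# Hypothetical location for the saved agent settings (assumption)
AGENT_ENV="${AGENT_ENV:-${HOME:-.}/.ssh/agent.env}"

# True only if this shell points at an agent whose socket and process exist
agent_alive() {
    [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "$SSH_AUTH_SOCK" ] &&
    [ -n "${SSH_AGENT_PID:-}" ] && kill -0 "$SSH_AGENT_PID" 2>/dev/null
}

# Pull in settings written by an earlier login, if any
agent_load() {
    if [ -r "$AGENT_ENV" ]; then . "$AGENT_ENV"; fi
}

# Start a new agent, save its settings (owner-only), and load the key
agent_start() {
    ( umask 077; ssh-agent -s | grep -v '^echo' > "$AGENT_ENV" ) || return 1
    . "$AGENT_ENV"
    ssh-add    # asks for the passphrase once; the key stays on this machine
}

# Entry point: reuse a live agent, otherwise start one
agent_attach() {
    agent_alive && return 0   # this shell already has a working agent
    agent_load
    agent_alive && return 0   # agent from an earlier login is still running
    agent_start
}
```

After sourcing the file, run `agent_attach` once per login. With the agent loaded on A, `ssh -A` to B lets the B -> C login be answered by the agent on A, so no private key is copied to B; whoever controls B can still ask the forwarded agent to sign while that session is open.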