On 13 Oct 2002, Peter Kiem wrote:

> I have rsa2 SSH logins running now.  I can see this is a great idea as
> even if the attacker KNOWS your root password they STILL cannot get in
> without your private rsa key, right?

That's sort of correct. Root can, in fact, connect to an existing
ssh-agent socket if one exists, and thereby authenticate as you. In
general, though, being root is not sufficient to use someone's RSA or DSA
key directly since root still won't have the password to decrypt the
private key. 

Of course, root has all sorts of ways to *gain* that password, such as
keystroke logging. If you trust root enough not to do that to you, then
simply having access to the private key is insufficient to compromise it.

> Is there some way to make it easier to run ssh-agent?  I was trying to
> put the eval `ssh-agent'; ssh-add into a script but nothing seemed to
> get exported back to the calling shell :(

I recommend keychain from http://www.gentoo.org/projects/keychain.html. 
It's a great wrapper for ssh-agent, and is very easy to use.

-- 
"The only thing that helps me maintain my slender grip on reality is the
friendship I share with my collection of singing potatoes."

                        - Holly, JMC Vessel *Red Dwarf*
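
The script in the question fails because a script runs as a child process, and a child cannot change the environment of the shell that called it; the file has to be sourced instead. The sketch below is an added example, not part of the original message and not keychain's code: it reuses a running agent if one is recorded and otherwise starts a new one, keeping the settings file readable only by its owner. The file path, the function names and the `AGENT_CMD` override are assumptions made for this illustration.

```shell
# Source this file from the login shell (". ./agent.sh"); do not execute it.
# Executed as a script, the exports below would vanish when the child exits.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"  # assumed location of saved settings
AGENT_CMD="${AGENT_CMD:-ssh-agent}"             # hypothetical override, used for testing

# True if the recorded agent PID is still a running process we own.
agent_alive() {
    [ -n "${SSH_AGENT_PID:-}" ] && kill -0 "$SSH_AGENT_PID" 2>/dev/null
}

start_or_reuse_agent() {
    # Pick up the agent recorded by an earlier login, if any.
    if [ -r "$AGENT_ENV" ]; then
        . "$AGENT_ENV" >/dev/null
    fi
    if agent_alive; then
        return 0
    fi
    # No usable agent: start one. umask 077 keeps the settings file
    # private to this user; as the reply notes, root can still reach
    # the agent socket regardless of these permissions.
    (
        umask 077
        rm -f "$AGENT_ENV"
        "$AGENT_CMD" -s > "$AGENT_ENV"
    ) || return 1
    . "$AGENT_ENV" >/dev/null
    agent_alive
}

# Typical use after sourcing:
#   start_or_reuse_agent && ssh-add
```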


