Dear Patrick,
Thank you for your response. The client must meet the following
conditions to successfully login:
1) Proper IP
2) Proper Private Key (null-passphrase so at night, when backups are
initiated, a user does not need to be at console)
3) Appropiate command (scp or rsync)
Is there any other way of setting up keys for passwordless logins that
are more secure than null-passphrases?
Thanks,
Gian
Patrick Morris wrote:
No, it's not. If someone has the private key file, they can log in with it.
If it's got a passphrase, they need to know that, too.
Even with ssh-agent, someone has to enter the passphrase at some point.
That makes it infinetely more secure than passphraseless keys.
-----Original Message-----
From: Gian G. Spicuzza [mailto:[EMAIL PROTECTED]
Sent: Friday, March 10, 2006 8:58 AM
To: [email protected]
Subject: Null-passphrase vs ssh-agent
Hello. I have implemented PKA with a null-passphrase instead of using
ssh-agent. Is this just as secure as using ssh-agent?
Thank you,
Gian G Spicuzza
