When a hostkey is generating, it uses a null passphrase.
The warning is for people who decide to use a null passphrase for
user public key authentication. Using a null passphrase for user
public key authentication is pretty insecure.
-Anne
On Thu, Oct 05, 2000 at 09:09:27AM -0400, D.D. Trbovich wrote:
> Hi everyone,
>
> I installed ssh 2.3.0-1, non commercial version, and can see it start up
> and run during the boot up process. Yet while I was installing it, the
> following warning came up:
>
> "...key is stored with NULL passphrase, this is not
> recommended, if file system protections fail, someone
> can access the key file, if su malicious, key can be
> used without decipher effort..."
>
> Has someone seen this before and know what is wrong, or could point me to
> a source that can answer this, I appreciate your time and assistance into
> this matter and I look forward to your reply.
>
>
------------------------------------------------------------------------
Anne Carasik | Any two consenting adults can rub
Principal Security Consultant | two primes together to create
SSH Communications Security, Inc. | a public keypair.
Email: [EMAIL PROTECTED] | - R. Thayer
------------------------------------------------------------------------
Unless stated otherwise above, the opinions expressed herein are my own,
not of my employer.
