[Techtalk] thoughts on OpenSSH key passphrase/ no passphrase

Conor Daly conor.daly-linuxchix at cod.homelinux.org
Mon Nov 28 08:48:37 EST 2005


On Mon, Nov 28, 2005 at 08:04:09AM +1100 or so it is rumoured hereabouts, 
Mary thought:
> On Sun, Nov 27, 2005, Carla Schroder wrote:
> > Some folks think using public-key authentication without a passphrase
> > is more secure than using it with a passphrase. Which does not make
> > sense to me.
> > 
> > Anyone have deep thoughts on the subject? Or even shallow ones.
> 
> I use passphrased keys for human logins, as in when I want to be able to
> connect to a remote computer and run arbitrary commands. I will sometimes
> use passphrase-less keys for an automated user, for example a user that
> runs backups, and will use the authorized_keys file to restrict them to
> running the relevant command using command= and restrict the host they
> can login from using from=. (For people interested, see the
> "AUTHORIZED_KEYS FILE FORMAT" format of the sshd man page.)

There's a writeup on this in Rick Moen's linux knowledgebase
{http://linuxmafia.com/kb/} under the Security/ssh publickey process
heading: http://linuxmafia.com/faq/Security/ssh-publickey-process.html

Conor
-- 
Conor Daly <conor.daly at cod.homelinux.org>
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCS/G/S/O d+(-) s:+ a+ C++(+) UL++++ US++ P>++ L+++>++++ E--- W++ !N
PS+ PE Y+ PGP? tv(-) b+++(+) G e+++(*) h-- r+++ z++++ 
------END GEEK CODE BLOCK------
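
The command= and from= restrictions mentioned in the quoted message, as an added example that is not part of the original thread: a small auditor that parses authorized_keys entries and reports which keys lack either restriction. The sample entries, host names, paths and key placeholders are constructed, and the function names are hypothetical.

```python
import re

# Prefixes that start the key-type field, i.e. the entry carries no options.
KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-")

def split_options(line):
    """Split an entry into (options, rest) at the first space outside quotes."""
    m = re.match(r'((?:[^\s"]|"(?:\\.|[^"\\])*")+)\s+(.*)', line)
    return (m.group(1), m.group(2)) if m else (line, "")

def parse_options(opts):
    """Map option names to their quoted value, or True for bare flags."""
    pat = r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?(?:,|$)'
    return {m.group(1).lower(): (True if m.group(2) is None else m.group(2))
            for m in re.finditer(pat, opts)}

def audit(text):
    """Return (line number, key comment, missing restrictions) per entry."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith(KEY_TYPES):
            opts, rest = {}, line          # no options before the key type
        else:
            optstr, rest = split_options(line)
            opts = parse_options(optstr)
        fields = rest.split(None, 2)       # key type, key blob, comment
        comment = fields[2] if len(fields) > 2 else ""
        missing = [o for o in ("command", "from") if o not in opts]
        findings.append((n, comment, missing))
    return findings

# Constructed sample; AAAAPLACEHOLDER stands in for real key material.
SAMPLE = '''\
# automated backup user, restricted with command= and from=
command="/usr/local/bin/run-backup",from="backup.example.org",no-pty ssh-ed25519 AAAAPLACEHOLDER backup@example
from="192.0.2.10" ssh-ed25519 AAAAPLACEHOLDER deploy@example
ssh-rsa AAAAPLACEHOLDER mary@laptop
'''

if __name__ == "__main__":
    for n, comment, missing in audit(SAMPLE):
        print(n, comment, "missing: " + ", ".join(missing) if missing else "restricted")
```

The file alone does not reveal whether a private key has a passphrase, so the output is a list of entries to compare against the keys known to be used by automated users.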

