[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Passing password in ssh



Aldo Foot wrote:

I agree. Passwordless SSH keys are _very_ insecure in my opinion.
Just pray that the account owning they keys is not compromised... because then the floodgates are opened. Of course this is a non-issue if your systems are in some private net no exposed to outside traffic.
While there is a security risk in using a passwordless SSH key, it is less of a risk then most of the other ways of doing it. This is especially true if root owns the key, and/or the key is limited to specific commands on the remote machine. It is definitely more secure then trying to provide the password as part of the command line, and about as secure as providing the password in a batch file. You also have the option of limiting the host(s) the key works from. There are also things you can do with known-hosts to add even more security, but you get the idea.

While having a pass phrase (not password) on a ssh key is normally a good idea. But if you need to connect to a remote machine as part of a cron job, a key without a pass phrase, if set up properly, is not that big of a security risk.

Mikkel
--

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]