On Wed, Apr 26, 2006 at 08:15:44PM +0200, Martin A. Brooks wrote: > Andrew M.A. Cater wrote: > >When it asks you for a passphrase, hit <Enter> twice - you have a null > >passphrase (which is fractionally less secure but that's probably OK.) > > Not so much "fractionally less secure" as "insecure". If the machine > containing the private key is compromised so, potentially, is every > machine that the public key has been distributed too.
I gather that that's insecure, how is using 'ssh-add'? Does it cache the passphrase only for the X session or for every login? And even if it's the first, is that even marginally secure? -- Christopher Nelson -- [EMAIL PROTECTED] ----------------------------------------------------------------------- Sorry never means having your say to love. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
