On Wed, Apr 02, 2008 at 10:33:35AM -0500, Russell L. Harris wrote:
> It is convenient to use "scp" for transferring files between the
> desktop machine in the LAN and the server, and to use "ssh" for
> remote maintenance of the server, again from the desktop machine
> in the LAN. And to eliminate the constant typing of password,
> ssh-agent can be installed.

If you are using public key authentication (i.e., RSA or DSA key pairs) to log in to the server, then there should be no need to ever enter the server password for anything other than sudo, which greatly reduces any perceived issues caused by having different passwords on each system.

When using public key auth, copy *only* your public key to the server. (ssh-copy-id is a handy way to automate this.) So long as your private key remains secure, there is very little risk to an attacker getting their hands on the public key - that's kind of the point of public key crypto, after all. Unless they take the time to successfully factor the public key, there is no way it can be used to attack your systems; the worst they could do with it is grant you access to their server and run a keylogger there.

Your passphrase is only relevant to the private key. If they don't get their hands on the private key (which, again, should reside only on your desktop system), they neither have any way to attempt to crack your passphrase nor would your passphrase do them any good even if they did have it.

Using ssh also makes it easy to use different usernames on each host (just add a "User username" line for the host to ~/.ssh/config on the desktop machine), although I don't see this as adding any worthwhile degree of security.

-- 
News aggregation meets world domination. Can you see the fnews?
http://seethefnews.com/
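
A check for the advice above that only the public key belongs on the server, as an added example that is not part of the original message: it scans a server-side `~/.ssh` directory for files carrying a private-key PEM header and flags an `authorized_keys` file writable by group or others. The function names and the sample directory with placeholder key text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Function names are hypothetical.

# List files under directory $1 that contain a PEM private-key header
# (RSA, DSA, EC, OPENSSH, PKCS#8 plain or ENCRYPTED).
find_private_keys() {
    find "$1" -type f -exec grep -l -E \
        -e '-----BEGIN ([A-Z0-9]+ )?PRIVATE KEY-----' {} + 2>/dev/null | sort
}

# Return 0 if directory $1 holds no private keys and authorized_keys is
# not writable by group or others; otherwise print findings and return 1.
audit_ssh_dir() {
    dir=$1
    rc=0
    keys=$(find_private_keys "$dir")
    if [ -n "$keys" ]; then
        printf 'private key found on server:\n%s\n' "$keys"
        rc=1
    fi
    ak=$dir/authorized_keys
    if [ -f "$ak" ] && [ -n "$(find "$ak" \( -perm -020 -o -perm -002 \))" ]; then
        printf 'writable by group/others: %s\n' "$ak"
        rc=1
    fi
    return "$rc"
}

# Build a constructed sample directory (placeholder text, not real keys)
# and print its path.
make_sample_dir() {
    d=$(mktemp -d)
    printf '%s\n' 'ssh-rsa CONSTRUCTED-PUBLIC-KEY user@desktop' > "$d/authorized_keys"
    cp "$d/authorized_keys" "$d/id_rsa.pub"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTED-PLACEHOLDER' \
        '-----END RSA PRIVATE KEY-----' > "$d/id_rsa"
    chmod 600 "$d/authorized_keys" "$d/id_rsa"
    printf '%s\n' "$d"
}

# Demo: the sample contains a stray id_rsa, so the audit reports it.
sample=$(make_sample_dir)
if audit_ssh_dir "$sample"; then echo "clean"; else echo "findings above"; fi
rm -rf "$sample"
```

On a real server, point `audit_ssh_dir` at the account's `~/.ssh` directory; a clean result means only public key material is present there.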