you still need a passphrase to unlock the key. (99% of the time). So even if somebody steals your private key file they still need your passphrase to use it. It is possible to set one up with a null passphrase, but, not surprisingly, that is not recommended.
If someone has stolen your private key file then your system has probably been horribly compromised anyway. Cameron. > -----Original Message----- > From: Peter Kiem [mailto:[EMAIL PROTECTED]] > Sent: Friday, 11 October 2002 11:31 > To: Red Hat Mailing List > Subject: Stupid question about SSH keys and security > > > Hi, > > This might seem a stupid question but I often see people > recommending that > you never log into SSH with password but rather use keys. > > Doesn't this create a security issue as if someone manages to > break into one > computer you own they can simply SSH straight into the other > systems without > passwords using the keys stored on that computer? > > At least if you are using passwords they need to work out the other > computer's passwords before they can SSH into them? > > -- > Regards, > +-----------------------------+---------------------------------+ > | Peter Kiem .^. | E-Mail : <[EMAIL PROTECTED]> | > | Zordah IT /V \ | Mobile : +61 0414 724 766 | > | IT Consultancy & /( )\ | WWW : www.zordah.net | > | Internet Hosting ^^-^^ | ICQ : "Zordah" 866661 | > +-----------------------------+---------------------------------+ > > > > > > -- > redhat-list mailing list > unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe > https://listman.redhat.com/mailman/listinfo/redhat-list > -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
