> > At least if you are using passwords they need to work out the other > > computer's passwords before they can SSH into them? > > Again, only if you create keys that have no passphrase.
Also, if you are using a password to log into a server that's been compromised, they don't need to work out your password -- you just gave it to them when you logged in. They trojan one box and as people log in from box to box they will collect a lot of passwords and deepen their compromise. If you are using keys, you only need to fully trust your local SSH client. A remote server can't compromise your public key or your passphrase, even if you are using the compromised server to log into other servers (and are using agent forwarding). thornton -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
