The keys should also have a password incase of such problems and it is offered when you type ssh-keygen -t rsa.
this is so much more secure as only a host with a recognised public key can even attempt to login. If you only allow rsa authentication, brute force attacks are no longer an option they need the key and then to guess the password Simon On Fri, 2002-10-11 at 02:31, Peter Kiem wrote: > Hi, > > This might seem a stupid question but I often see people recommending that > you never log into SSH with password but rather use keys. > > Doesn't this create a security issue as if someone manages to break into one > computer you own they can simply SSH straight into the other systems without > passwords using the keys stored on that computer? > > At least if you are using passwords they need to work out the other > computer's passwords before they can SSH into them? > > -- > Regards, > +-----------------------------+---------------------------------+ > | Peter Kiem .^. | E-Mail : <[EMAIL PROTECTED]> | > | Zordah IT /V \ | Mobile : +61 0414 724 766 | > | IT Consultancy & /( )\ | WWW : www.zordah.net | > | Internet Hosting ^^-^^ | ICQ : "Zordah" 866661 | > +-----------------------------+---------------------------------+ > > > > > > -- > redhat-list mailing list > unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe > https://listman.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
