On 13 Oct 2002, Peter Kiem wrote:

> Hi all,
> 
> I have rsa2 SSH logins running now.  I can see this is a great idea as
> even if the attacker KNOWS your root password they STILL cannot get in
> without your private rsa key, right?

        wrong !  With the public key and the root password known, 
        and files appropriately configured, the "attacker" won't 
        be prompted for a password.  

        If the root password is known in any scenario then "is all over" !


> I would guess that copying your private key to B would be a bad idea 

        correct - copy only public keys

take a look at the 

        i       FILES section in man ssh and 

        ii      man ssh-keygen

        iii     experiment (on a non internet routable network)

Kyle Hargraves




-- 
redhat-list mailing list
https://listman.redhat.com/mailman/listinfo/redhat-list
