Passwordless ssh keys are a bad idea.
Authored by: dsouth on Feb 11, '05 08:30:27PM
As others have pointed out, not putting a password on your ssh keypair is a bad idea.

If the private key is compromised (by someone making a copy of it), there is no way to "revoke" the matching private keys other than deleting them from every machine you've placed them on. For this reason, some sites concerned about security don't allow users to authenticate with ssh RSA/DSA keypairs at all.

If you're going to use keypair auth in ssh, put a password on the keypair. If you want "passwordless" logins, use ssh-agent to hold the private keys on a per-session basis (then you'll only have to type the key password once per login session).

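To check whether the keys in a directory actually follow the comment's advice, the sketch below classifies private key files as passphrase-protected or not by reading only their headers. It is an added example, not part of the original comment; the function names are hypothetical, and `constructed_sample` builds a constructed header with no real key material.

```python
import base64
import struct
from pathlib import Path

MAGIC = b"openssh-key-v1\x00"  # prefix of the decoded new-format key blob

def _read_string(buf, off):
    """Read one SSH wire string (uint32 big-endian length, then bytes)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def key_protection(text):
    """Classify private-key file text: 'encrypted', 'unencrypted' or 'unknown'."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines:
        return "unknown"
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        body = "".join(l for l in lines[1:] if not l.startswith("-----"))
        try:
            blob = base64.b64decode(body, validate=True)
            if not blob.startswith(MAGIC):
                return "unknown"
            cipher, off = _read_string(blob, len(MAGIC))
            kdf, _ = _read_string(blob, off)
        except (ValueError, struct.error):
            return "unknown"
        return "unencrypted" if cipher == kdf == b"none" else "encrypted"
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
        return "encrypted"  # PKCS#8 encrypted container
    if lines[0].startswith("-----BEGIN ") and lines[0].endswith("PRIVATE KEY-----"):
        # Legacy PEM: a passphrase shows up as a Proc-Type header line.
        enc = any(l.startswith("Proc-Type: 4,ENCRYPTED") for l in lines)
        return "encrypted" if enc else "unencrypted"
    return "unknown"

def unprotected_keys(directory):
    """Names of files in `directory` holding a private key with no passphrase."""
    return [p.name for p in sorted(Path(directory).iterdir())
            if p.is_file() and key_protection(p.read_text(errors="replace")) == "unencrypted"]

def constructed_sample(cipher, kdf):
    """Constructed input: new-format header fields only, no key material."""
    blob = MAGIC + b"".join(struct.pack(">I", len(f)) + f for f in (cipher, kdf, b""))
    body = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"
```

A key reported as unencrypted can be given a passphrase in place with `ssh-keygen -p -f <keyfile>`.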