[NCLUG] ssh2 - hostbased authentications
Quent
quent at pobox.com
Mon Dec 4 10:13:12 MST 2000
The risk is that root's private key is stored unencrypted if it's created
with no passphrase.

Although it's stored so only root can read it, if someone got a copy they
could log in to any remote host that trusts that key. With a passphrase,
the key is encrypted so anyone getting a copy would have to crack the
encryption in order to use the key.

I think this is another trust problem: if B trusts A and C trusts B,
then using ssh-agent and the private key from A, you can get C to trust A.

Of course, if someone can get to a file that's only readable by root
there are other problems.

Quent

On Fri, Dec 01, 2000 at 06:43:08PM +0000, dobbster wrote:
> Quent wrote:
> >
> > You could generate a key for "root" with no passphrase and use an
> > "authorized_keys" file on the remote host in the /.ssh directory.
> > It's a bit risky though.
> >
> > Quent
> >
>
> I didn't try that. I will.
>
> Is it risky in the same sense that root .rhosts are risky?
>
> Mark (dobbster at frii.com)