<br><br><div class="gmail_quote">On Jan 22, 2008 5:36 PM, Craig White <<a href="mailto:craigwhite@azapple.com">craigwhite@azapple.com</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div><div></div><div class="Wj3C7c">On Tue, 2008-01-22 at 11:38 -0800, Aldo Foot wrote:<br>><br>><br>> On Jan 22, 2008 8:34 AM, Gijs <<a href="mailto:info@boer-software-en-webservices.nl">info@boer-software-en-webservices.nl
</a>><br>> wrote:<br>> Or you can do it the "easy" way. Use public keys without a<br>> password on it.<br>> You won't have to type in any password, so you won't get the
<br>> popup<br>> anymore, and it's relatively secure.<br>><br>> I agree. Passwordless SSH keys are _very_ insecure in my opinion.<br>> Just pray that the account owning they keys is not compromised...
<br>> because then<br>> the floodgates are opened.<br>> Of course this is a non-issue if your systems are in some private net<br>> no exposed<br>> to outside traffic.<br></div></div>----<br>I'm confused by this comment.
<br><br>If you use ssh keys, does it matter whose accounts is compromised? Once<br>the account is compromised, couldn't they just load a keylogger?<br><br>And then, ssh keys still have passwords unless the creator of the keys
<br>decides to omit a password.<br><br>Am I missing something here?<br><font color="#888888"><br>Craig<br></font><div><div></div><div class="Wj3C7c"><br></div></div></blockquote><div><br>Well, the scenario I described actually happened years ago to someone I knew.
<br>If I create keys without a passphrase, and share the public keys between <br>two systems (A and B), then from system A I can log to system B by<br>simply saying "ssh user@B". This is very convenient for cron jobs.
<br><br>This is particularly risky when the systems are accessed by the general public.<br>How does someone finds out the username? I don't know... company phonebook,<br>online profiles listing first/lastname, etc.<br>
<br>~af<br></div></div><br>