Passing password in ssh
Mikkel L. Ellertson
mikkel at infinity-ltd.com
Wed Jan 23 02:09:52 UTC 2008
Aldo Foot wrote:
> I agree. Passwordless SSH keys are _very_ insecure in my opinion.
> Just pray that the account owning they keys is not compromised...
> because then the floodgates are opened.
> Of course this is a non-issue if your systems are in some private net no
> exposed to outside traffic.
While there is a security risk in using a passwordless SSH key, it
is less of a risk then most of the other ways of doing it. This is
especially true if root owns the key, and/or the key is limited to
specific commands on the remote machine. It is definitely more
secure then trying to provide the password as part of the command
line, and about as secure as providing the password in a batch file.
You also have the option of limiting the host(s) the key works from.
There are also things you can do with known-hosts to add even more
security, but you get the idea.
While having a pass phrase (not password) on a ssh key is normally a
good idea. But if you need to connect to a remote machine as part of
a cron job, a key without a pass phrase, if set up properly, is not
that big of a security risk.
Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 189 bytes
Desc: OpenPGP digital signature
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20080122/4c36d391/attachment-0001.bin
More information about the users