OT: ssh passphrases (was Re: [PLUG] rsync)

Paul Heinlein heinlein at madboa.com
Thu Feb 5 09:16:02 UTC 2004


On Thu, 5 Feb 2004 gepr at tempusdictum.com wrote:

> Sorry, I was ambiguous.  I already use ssh-agent, ssh-add, and have
> my id scattered about on the net.  The specific question is:  What
> security do I gain by having a passphrase over an empty passphrase?
> I have to enter that passphrase whenever I do an "ssh-add".  I'd
> prefer not to have to enter it.  But, I don't want to store my
> passphrase on disk (say in a script file).  And I worry that having
> an empty passphrase would compromise my machine's identity.

An empty passphrase means that should anyone gain access to your
private key, the intruder would be able to become you on remote
machines without further assistance. A passphrase raises the bar
considerably.

-- Paul Heinlein <heinlein at madboa.com>
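An added example, not part of the original message: a defender's audit that reports which private key files on disk carry no passphrase, which is the case the reply describes. It goes beyond the thread by reading the key containers in use today (OpenSSH's `openssh-key-v1` format, legacy PEM, PKCS#8). The function names and the sample keys are constructed for illustration.

```python
import base64
import struct
from pathlib import Path

MAGIC = b"openssh-key-v1\x00"  # header of the current OpenSSH private key format

def key_is_encrypted(text):
    """True = passphrase-protected, False = stored in the clear, None = not a key."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN "):
        return None
    label = lines[0][len("-----BEGIN "):].rstrip("-").strip()
    body = lines[1:-1]
    if label == "OPENSSH PRIVATE KEY":
        try:
            blob = base64.b64decode("".join(body))
        except ValueError:
            return None
        start = len(MAGIC) + 4
        if not blob.startswith(MAGIC) or len(blob) < start:
            return None
        (n,) = struct.unpack(">I", blob[len(MAGIC):start])
        cipher = blob[start:start + n]  # first field after the magic: cipher name
        return None if len(cipher) != n else cipher != b"none"
    if label in ("ENCRYPTED PRIVATE KEY", "PRIVATE KEY"):  # PKCS#8 containers
        return label.startswith("ENCRYPTED")
    if label in ("RSA PRIVATE KEY", "DSA PRIVATE KEY", "EC PRIVATE KEY"):
        # Legacy PEM: an encrypted key carries a "Proc-Type: 4,ENCRYPTED" header.
        return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in body)
    return None

def find_unprotected(directory):
    """Names of files in `directory` that hold a private key with no passphrase."""
    return [p.name for p in sorted(Path(directory).iterdir())
            if p.is_file() and key_is_encrypted(p.read_text(errors="replace")) is False]

def sample_openssh(cipher, kdf):
    """Constructed sample: header fields only, no key material."""
    field = lambda b: struct.pack(">I", len(b)) + b
    blob = MAGIC + field(cipher) + field(kdf) + field(b"") + struct.pack(">I", 1)
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(blob).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

# Constructed legacy-format sample; the body is placeholder text, not a key.
SAMPLE_LEGACY_ENCRYPTED = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                           "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\nQ09OU1RSVUNURUQ=\n"
                           "-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    print(key_is_encrypted(sample_openssh(b"none", b"none")), key_is_encrypted(SAMPLE_LEGACY_ENCRYPTED))
```

Pointing `find_unprotected` at a directory such as `~/.ssh` lists the files whose theft alone would be enough to log in as their owner.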



