markh at linuxfromscratch.org
Fri Oct 4 11:30:04 PDT 2002
On Fri, 04, Oct, 2002 at 01:58:57PM -0400, Tony Karakashian spoke thus..
> >> If the machine you are ssh'ing *from* is secure (physically as well as
> >> networkingly[!?]) couldn't you use keys and the .ssh/.authorizedkeys
> >> file without passphrases?
> It's not secure, it's connected to the Internet. :) Seriously, I
> guess I could, I'll look into it. I don't need to be logged in though,
> right? That's the key component. I looked at keychain, but I did at
> least need to log in for it to work. I want this as the last part of
> the init script right after it brings up the ipsec interface.
Hmm. In that case you'd have to be there to supply the passphrases if
you used them. If you didn't use passphrases then you'd be fine but the
problem is that if someone nicks a copy of your private key, they can
authenticate to the server as you (although I suppose you could reduce
this risk by only allowing ssh in from a particular IP - still it's not
something I'd be happy with).
Mark Hymers <markh at linuxfromscratch dot org>
"We have three realistic alternatives: (1) Sit here and get blown up, (2)
Stand here and get blown up, (3) Jump up and down, shout at me for not being
able to think of anything, then get blown up."
Holly, Red Dwarf Series III - Bodyswap
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-chat' in the subject header of the message
More information about the lfs-chat