Am So, den 28.03.2004 schrieb Ron Herardian um 15:10:
> If you run ssh-keygen -t rsa1 that's right (copy identity.pub--default file
> name--to authorized_keys) but if you've run ssh-keygen -t dsa (it's a good
> idea to have all three keys, also -t rsa), then you might want to copy id_dsa.pub
> (default file name) to authorized_keys2. This only works without a password if
> there's no passphrase.
>
> Ron
To create keypairs for SSH logins using public key authentification it
is absolutely BAD and highly NOT RECOMMENDED to create keys WITHOUT a
passphrase! Once the private key is stolen it can be used without
problems. While it is secured by a valuable passphrase it is useless
unless the thief can brute force crack the passphrase (which implies
that the passphrase was badly choosen, too simple).
To get an authentification process using SSH which requires not the
input of a passphrase or password (just for the first time) there are
the tools ssh-agent and ssh-add. Dave explained that already in his
reply.
NEVER create keypairs without a passphrase or create an account without
password protection!
Alexander
--
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 1 (Yarrow) on Athlon CPU kernel 2.4.22-1.2174.nptl
Sirendipity 18:08:45 up 9 days, 1:50, load average: 0.37, 0.30, 0.18
[ ÎÎÏÎÎ Ï'ÎÏÏÎÎ - gnothi seauton ]
my life is a planetarium - and you are the stars
Attachment:
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
