On Tue, 2008-01-22 at 11:38 -0800, Aldo Foot wrote: > > > On Jan 22, 2008 8:34 AM, Gijs <info@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> > wrote: > Or you can do it the "easy" way. Use public keys without a > password on it. > You won't have to type in any password, so you won't get the > popup > anymore, and it's relatively secure. > > I agree. Passwordless SSH keys are _very_ insecure in my opinion. > Just pray that the account owning they keys is not compromised... > because then > the floodgates are opened. > Of course this is a non-issue if your systems are in some private net > no exposed > to outside traffic. ---- I'm confused by this comment. If you use ssh keys, does it matter whose accounts is compromised? Once the account is compromised, couldn't they just load a keylogger? And then, ssh keys still have passwords unless the creator of the keys decides to omit a password. Am I missing something here? Craig
