Dave Sherohman wrote:
> On Tue, Jun 05, 2001 at 09:59:49PM -0500, HOEFFNER at dcmir.med.umn.edu wrote:
> > >Put the public key on your computer at home and set up some automatic
> > >logins.
> > >No password involved. Oddly enough it's more secure than passwords.
> > >Much easier than telnet and very secure.
> >
> > Is this really true??? Best practice?
> >
> > Seems too good to be true. I've gotten that piece to work, but have shied away
> > from it cuz it seemed the password challenge would be better. Guess I'm not all
> > that sure why I thought that, though.

If you trust the computer, yes it is. I have to use a Mac at work that is sitting right out in the open and must be available for others to work on. I don't use keys on this computer. Too easy to get to and steal the keys. Although with a passphrase that would also be secure.

> There is one caveat: You must generate keys with (good) passphrases. If you
> leave the passphrase blank, then I tend to agree with you that it's insecure,
> since access to the key-holding account would give free rein over all
> accounts that recognize that key (and ~/.ssh/known_hosts would make finding
> those accounts pretty easy). With a good passphrase, though, the key itself
> is locked up quite nicely also. Just remember not to walk away while logged
> in without locking your terminal first. But you do that anyway, right?

That's the point. No restrictions on access. I use this on my laptop. No one uses this and it isn't hooked up to the net. I would use a passphrase but it's already acceptably secure for what I use it for. If you're at all suspicious of your computer security then use passphrases or stick with password authentication. Either is more secure than telnet.

sim