SLUG Mailing List Archives
Re: [SLUG] blocking recurrent attempted access ?
- To: slug@xxxxxxxxxxx
- Subject: Re: [SLUG] blocking recurrent attempted access ?
- From: Peter Hardy <peter@xxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 14 Feb 2006 16:24:38 +1100
On Tue, 2006-02-14 at 14:25 +1100, Howard Lowndes wrote:
> One word of caution, esp if you are using a laptop; make sure that your
> private key on your lappy is passphrase encoded. It will be the same
> from any site you might access from but it does lock out casual passing
> hackers if you leave the lappy unattended.
By the same token, it's worth looking at the -t option to ssh-agent and
ssh-add to specify a maximum lifetime for keys added to your ssh agent.
In a perfect world, though, keys would have an idle timeout (like the
way sudo works) instead of an absolute life.