Tugger the SLUGger! SLUG Mailing List Archives

Re: [SLUG] Perl/SSH Problem


1. That's what strong pass-phrases are used for - to limit the access to the
private key.
2. You could say "sure - so you replace the password by a pass-phrase" but
you'd still need the private key, which is never transferred over the net.
3. You can allow access for multiple keys into the same account - therefore
you can trace which key was used to log in and track it back to the origin
and/or remove it if it was compromised (or do stuff like limit the commands
a key authorizes, or pair keys with originating ssh clients). On the other
hand you can't have multiple, traceable passwords to a UNIX account.

With passwords, at least that isn't a problem (assuming you aren't a
complete idiot and have the same password for everything).


With passwords it's enough to know (or guess) a relatively short string in
order to gain access. With keys protected by a pass-phrase you'll need a
string AND the unencrypted content of a file which should never leave the
local disk.

Which is all fine and dandy, except the entire point of the original key argument was that the original poster wouldn't need a pass(word|phrase) and so could avoid his problem with the method SSH uses for prompts.

Adam K
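
Added example, not part of the original thread: a sketch of the per-key tracing and per-key restrictions mentioned in point 3, matching the fingerprint in an sshd log line back to its `authorized_keys` entry. It assumes an OpenSSH server that logs `SHA256:` fingerprints in its "Accepted publickey" lines; the key material, user names, command path and addresses are constructed sample data.

```python
import base64
import hashlib
import re
import struct

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256")

def split_fields(line):
    """Split on whitespace but keep double-quoted option values in one field."""
    return re.findall(r'(?:[^\s"]|"(?:\\.|[^"\\])*")+', line)

def parse_entry(line):
    """Return options, fingerprint and comment for one authorized_keys line."""
    fields = split_fields(line)
    idx = next(i for i, f in enumerate(fields) if f in KEY_TYPES)
    blob = base64.b64decode(fields[idx + 1])
    digest = hashlib.sha256(blob).digest()
    # Same form sshd logs: unpadded base64 of SHA-256 over the key blob
    fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return {"options": fields[0] if idx else "", "fingerprint": fp,
            "comment": " ".join(fields[idx + 2:])}

def constructed_key(seed):
    """Build a well-formed ed25519 public key blob from placeholder bytes."""
    raw = hashlib.sha256(seed).digest()  # 32 constructed bytes, not a real key
    parts = (b"ssh-ed25519", raw)
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return "ssh-ed25519 " + base64.b64encode(blob).decode()

# Constructed authorized_keys: one unrestricted key, one pinned to a source
# address and a single forced command.
AUTHORIZED_KEYS = [
    constructed_key(b"laptop") + " alice@laptop",
    'from="192.0.2.10",command="/usr/local/bin/backup --incremental" '
    + constructed_key(b"cron") + " backup@cronhost",
]
ENTRIES = [parse_entry(line) for line in AUTHORIZED_KEYS]

def who_logged_in(log_line, entries):
    """Map an 'Accepted publickey' log line to the matching key entry."""
    m = re.search(r"Accepted publickey for \S+ from \S+ .*(SHA256:\S+)", log_line)
    if not m:
        return None
    return next((e for e in entries if e["fingerprint"] == m.group(1)), None)

# Constructed log line in the format sshd writes to the auth log.
SAMPLE_LOG = ("sshd[4242]: Accepted publickey for deploy from 192.0.2.10 "
              "port 51234 ssh2: ED25519 " + ENTRIES[1]["fingerprint"])

if __name__ == "__main__":
    print(who_logged_in(SAMPLE_LOG, ENTRIES))
```

Removing the matched line from `authorized_keys` revokes that one key without touching the others on the account.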