[LINK] Poorly Managed SSH Keys
Karl Auer
kauer at biplane.com.au
Mon Feb 24 17:23:29 AEDT 2014
On Mon, 2014-02-24 at 16:40 +1100, Chris Maltby wrote:
> Add to that
> - use authorized_keys options such as "from=" to limit key
> range especially for passwordless command access keys
> - watch out for insecure use of ssh-agent
Good points. To be pedantic though, when you write "passwordless" you
presumably just mean that publickey removes the need for anyone to type
in a password. The ssh keys for command access are passphraseless, so
no one has to type in a passphrase, but the accounts on both ends should
definitely have passwords.

The second one is uncontrollable, being client-side, but it's another
reason to have a good education program in place - even, and some might
say especially, for system administrators.
Regards, K.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389
GPG fingerprint: EC67 61E2 C2F6 EB55 884B E129 072B 0AF0 72AA 9882
Old fingerprint: B862 FB15 FE96 4961 BC62 1A40 6239 1208 9865 5F9A
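
The "from=" suggestion quoted in the message above can be checked mechanically. The following is an added example, not part of the original thread: a small audit of authorized_keys entries that reports keys with no from= restriction, and forced-command keys that still permit agent forwarding. The sample entries, paths, host names and key blobs are constructed placeholders, and the agent-forwarding check is an assumption about what a server-side review would also want to see.

```python
import re

KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")  # start of key field
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?(?:,|$)')

# Constructed sample; the key blobs are placeholders, not real keys.
SAMPLE = '''\
# backup and mirror jobs
from="192.0.2.10",command="/usr/local/bin/backup",restrict ssh-ed25519 AAAAEXAMPLE1 backup@host-a
command="/usr/local/bin/rsync pull" ssh-ed25519 AAAAEXAMPLE2 mirror@host-b
ssh-rsa AAAAEXAMPLE3 admin@laptop
'''

def split_options(line):
    """Split one authorized_keys line into ({option: value}, key-and-comment)."""
    if line.startswith(KEY_TYPES):
        return {}, line
    in_quote, i = False, 0
    while i < len(line):  # options end at first whitespace outside quotes
        c = line[i]
        if c == "\\" and in_quote:
            i += 1  # skip the escaped character
        elif c == '"':
            in_quote = not in_quote
        elif c.isspace() and not in_quote:
            break
        i += 1
    opts = {m.group(1).lower(): m.group(2) for m in OPTION.finditer(line[:i])}
    return opts, line[i:].strip()

def audit(text):
    """Return [(line_number, comment, findings)] for keys lacking restrictions."""
    report = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts, rest = split_options(line)
        fields = rest.split(None, 2)
        comment = fields[2] if len(fields) > 2 else ""
        findings = []
        if "from" not in opts:
            findings.append("no from= restriction: key accepted from any source address")
        if "command" in opts and not {"restrict", "no-agent-forwarding"} & opts.keys():
            findings.append("command key still permits agent forwarding")
        if findings:
            report.append((n, comment, findings))
    return report

if __name__ == "__main__":
    for n, comment, findings in audit(SAMPLE):
        print(f"line {n} ({comment}): " + "; ".join(findings))
```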