[LINK] Poorly Managed SSH Keys

Karl Auer kauer at biplane.com.au
Mon Feb 24 17:23:29 AEDT 2014

On Mon, 2014-02-24 at 16:40 +1100, Chris Maltby wrote:
> Add to that
>   - use authorized_keys options such as "from=" to limit key
>     range especially for passwordless command access keys
>   - watch out for insecure use of ssh-agent

Good points. To be pedantic though, when you write "passwordless" you
presumably just mean that publickkey removes the need for anyone to type
in a password. The ssh keys for command access are passphraseless, so
noone has to type in a passphrase, but the accounts on both ends should
definitely have passwords.

The second one is uncontrollable, being client-side, but it's another
reason to have a good education program in place - even, and some might
say especially, for system administrators.

Regards, K.

Karl Auer (kauer at biplane.com.au)

GPG fingerprint: EC67 61E2 C2F6 EB55 884B E129 072B 0AF0 72AA 9882
Old fingerprint: B862 FB15 FE96 4961 BC62 1A40 6239 1208 9865 5F9A

More information about the Link mailing list