From: Michael Vince (
Date: 02/05/02

From: "Michael Vince" <>
To: <>
Date: Tue, 5 Feb 2002 19:01:36 +1100

Hey all.
I was thinking about setting up a maximum lazyness maximum security security policy for my self.
I just wanted to know how dangerous are ssh keys with no password phrases? I mean if some one is packet sniffing you how much more bad is it to have a ssh2 key with no pass phrase compared to one that does..
And how bad would it be to have all the servers I have access to with different keys but the exact same password phrase like "pepsi"?
And is it more secure to have a pass phraseless (no pass phrase) ssh key compared to just using ssh with no keys and just using a password that belongs to the unix account?
I just find my self having alot of passwords to remember and looking and changing the way I do things.

To Unsubscribe: send mail to
with "unsubscribe freebsd-security" in the body of the message