Re: 'password-less' logins on solaris 2.5.1 boxen - subtle troubles.

From: Richard E. Silverman (res_at_qoxp.net)
Date: 01/15/05


Date: 14 Jan 2005 23:31:45 -0500


>>>>> "BU" == Bill Unruh <unruh@string.physics.ubc.ca> writes:

    BU> NONONONONO. You do NOT want to send them your private key as well,
    BU> UNLESS you have control of that machine and really want the root
    BU> on that machine to be able to read the private key and thus be
    BU> able to read everything.

Actually, having a user's private key would not enable an observer to read
SSH-encrypted data -- both it and the hostkey are used for authentication
only.

-- 
  Richard Silverman
  res@qoxp.net