Re: Force non-empty pass-phrase?



Nico Kadel-Garcia <nkadel@xxxxxxxxxxx> wrote:
Paul Hink wrote:
Nico Kadel-Garcia <nkadel@xxxxxxxxxxx> wrote:

I've done that as an administrator in NFS based environments, and
given users gentle warnings about NFS published home directories
with no password SSH keys in them. It's a serious no-no in such an
environment, since anyone can pretend to be the user with a simple
NFS client and access all their files.

If "anyone can pretend to be the user with a simple NFS client and
access all their files" there are different and more serious
problems than SSH keys with blank passwords.

Welcome to NFS, brother. There's a compelling reason it's called "No
Freaking Security".

Then why bother about blank SSH key passphrases at all? These keys have
to be regarded as compromised anyway.

Paul
.