Re: Force non-empty pass-phrase?



"PH" == Paul Hink <email@xxxxxxxxx> writes:

PH> Nico Kadel-Garcia <nkadel@xxxxxxxxxxx> wrote:
>> Paul Hink wrote:
>>> Nico Kadel-Garcia <nkadel@xxxxxxxxxxx> wrote:
>>>> I've done that as an administrator in NFS based environments, and
>>>> given users gentle warnings about NFS published home directories
>>>> with no password SSH keys in them. It's a serious no-no in such
>>>> an environment, since anyone can pretend to be the user with a
>>>> simple NFS client and access all their files.
>>> If "anyone can pretend to be the user with a simple NFS client
>>> and access all their files" there are different and more serious
>>> problems than SSH keys with blank passwords.
>> Welcome to NFS, brother. There's a compelling reason it's called
>> "No Freaking Security".

PH> Then why bother about blank SSH key passphrases at all? These keys
PH> have to be regarded as compromised anyway.

Then change them all & encrypt the new keys.

Just because multiple related parts of a system are flawed, does not mean
there's no point in fixing some of them. You have to start somewhere.

--
Richard Silverman
res@xxxxxxxx
