Linked by Thom Holwerda on Wed 5th Jul 2006 17:07 UTC, submitted by Borys Musielak
Internet & Networking "SSH is a program enabling secure access to remote filesystems. Not everyone is aware of other powerful SSH capabilities, such as passwordless login, automatic execution of commands on a remote system or even mounting a remote folder using SSH! In this article we'll cover these features and much more."
theGrump Member since: 2005-11-11

Agree, disabling passwords guts the security you are trying to create by using this tool in the first place. Of course, when this was mentioned on Digg, I was told I simply "had no clue".

Score: 2

Endica Member since:
2006-07-07

Except you don't really disable any passwords. You just store a login key on your main computer for the other computer you want to remotely log in to. As long as you have a good password for your main computer and store the key at a location that is only accessible by yourself (e.g. in your chmod'ed 700 home dir), the key is not at higher risk of being compromised than anything else in your home dir.

Edited 2006-07-07 09:18

Score: 2

bogomipz Member since:
2005-07-11

Unless the file system is encrypted, chmod 700 isn't going to help once the wrong person gets physical access to your machine. For instance, if your laptop got stolen and had keys on it for important servers at work, the doors would be wide open.

The beauty of key pairs in such a situation is of course that you can disable the key by simply removing it from authorized_keys (which is a good reason to not reuse keys for different machines), but do you really trust that you will not forget one of the hosts that accept this key, and are you sure you'll be able to clean up before anybody makes use of the key?

It's really not advisable to use plain text keys. You should always protect your private key with a passphrase. SSH-agent makes it almost as convenient as the non-encrypted option, although it clearly is more work to set up than just using normal password login. It's also more secure, though.

Score: 1
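
As an added example (not part of the thread and not OpenSSH code): a Python check for the point made in the last comment, reporting which private keys in a directory are stored without a passphrase. It inspects only the key file's header; the function names are this example's own, and `sample_openssh_key` builds constructed, header-only input that contains no key material.

```python
import base64
import re
import struct
from pathlib import Path

OPENSSH_MAGIC = b"openssh-key-v1\x00"
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----\r?\n(.*?)-----END \1-----", re.S)


def key_is_encrypted(text):
    """True/False for private-key text, None if it is not a private key."""
    m = PEM_RE.search(text)
    if not m:
        return None
    label, body = m.group(1), m.group(2)
    if label == "ENCRYPTED PRIVATE KEY":      # PKCS#8: label says it all
        return True
    if label == "OPENSSH PRIVATE KEY":        # openssh-key-v1 container
        try:
            blob = base64.b64decode("".join(body.split()))
        except ValueError:
            return None
        off = len(OPENSSH_MAGIC)
        if not blob.startswith(OPENSSH_MAGIC) or len(blob) < off + 4:
            return None
        (n,) = struct.unpack(">I", blob[off:off + 4])
        # First field after the magic is the cipher name; "none" = plaintext
        return blob[off + 4:off + 4 + n] != b"none"
    # Traditional PEM (RSA/DSA/EC): encryption is flagged in a header line
    return "Proc-Type: 4,ENCRYPTED" in body


def audit(directory):
    """Return names of private keys in directory that have no passphrase."""
    plain = []
    for p in sorted(Path(directory).iterdir()):
        if p.is_file() and key_is_encrypted(p.read_text(errors="replace")) is False:
            plain.append(p.name)
    return plain


def sample_openssh_key(cipher):
    """Constructed header-only sample (magic + cipher name, no key data)."""
    blob = OPENSSH_MAGIC + struct.pack(">I", len(cipher)) + cipher
    b64 = base64.b64encode(blob).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + b64 +
            "\n-----END OPENSSH PRIVATE KEY-----\n")
```

Calling `audit(Path.home() / ".ssh")` lists the keys that would be usable as-is by whoever obtains the disk.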