Clint Dilks wrote:
1. Currently all of the key pairs we are using have empty passphrases is it worth the effort of changing this and setting up ssh-agent compared to what you gain in security by doing this ?
Certainly, adding passphrases nudges the security up a step, as otherwise a compromised account means the offender can log onto any other system - or in the case of compromised root, can log in anywhere as anyone..
It comes down to, like all security measures, a balancing act between security and ease-of-use.. You need to take into consideration what data is around the systems, and what the worst case scenario would be..
-- Cheers, Morten _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
