On Mon, 1 Nov 2004 12:11:48 +0100, Luis Fernando Llana Díaz <[EMAIL PROTECTED]> wrote: > Hi all, > I have a doubt. I ussually use ssh to access remote machines without sending any > password > (PasswordAuthentication no) and I store private keys with the help of ssh-agent. > This is valid also to login as another users (including root) in the local machine > (ssh [EMAIL PROTECTED]). With the help of ssh agent, on can open several root > sessions by only > asking one password: the one of my private key "id_rsa". In this way I void tping a > root password any time > I want to be root. > It is very easy for me to work this way, but I would to know if there could be aware > of any possible > security problems to do so. The only problem is that if I make ssh [EMAIL > PROTECTED], its gain root privileges > whitout asking any password. >
I think you'll find a lot of discussions (flamewars?) about the subject. Try looking with google about security benefits of keys versus plain text passwords. Andrea
