On Mon, Mar 02, 2009 at 01:19:32PM -0800, Chris Palmer wrote:
> ...
> Benjamin Lutz writes:
>
> > Because the inconvenience of not using whatever service or data the server is
> > providing is considered greater than the security risk.
>
> But isn't regular password authentication the most convenient of all?

Not in my experience, no. I configure ~/.xsession to run "eval `ssh-agent`" and "ssh-add" very early, so all processes run under that environment get the benefit of the cached authentication credentials I thus set up. Then I can log in to most machines I care about directly, without requiring additional authentication. To me, that's far more convenient than ensuring that I'm around & paying attention whenever some random process (e.g., a CVS update) wants a password. And I strongly suspect that it's better security than a password.

For my externally-visible sshd, there's no way I'd use a reusable password for authentication. As things presently stand, I only permit SSH public key authentication for that use.

> ...

Peace,
david
--
David H. Wolfskill da...@catwhisker.org
Depriving a girl or boy of an opportunity for education is evil.

See http://www.catwhisker.org/~david/publickey.gpg for my public key.
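The public-key-only sshd policy mentioned in the message above can be checked statically against a configuration file. The following is an added example, not part of the original message: the function names `effective_value` and `pubkey_only` are hypothetical, the sample configurations are constructed, and the check assumes a single file (no Include files, no AuthenticationMethods handling).

```sh
#!/bin/sh
# effective_value FILE KEYS DEFAULT
# Print the value sshd would use for a yes/no keyword in the global section.
# KEYS is a lowercase keyword, or aliases joined with "|". sshd keywords are
# case-insensitive and the first occurrence wins; the global section ends at
# the first Match line. Include files are not followed (assumption: one file).
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*(#|$)/ { next }                # comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }          # accept the "Key=value" form
        tolower($1) == "match" { exit }        # conditional blocks start here
        tolower($1) ~ ("^(" key ")$") { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# pubkey_only FILE: exit 0 only if public-key login is enabled and both
# password-style methods are disabled in the global section.
pubkey_only() {
    # ChallengeResponseAuthentication is the older name of the same option.
    kbd='kbdinteractiveauthentication|challengeresponseauthentication'
    [ "$(effective_value "$1" pubkeyauthentication yes)" = yes ] &&
    [ "$(effective_value "$1" passwordauthentication yes)" = no ] &&
    [ "$(effective_value "$1" "$kbd" yes)" = no ]
}

# Constructed sample files (hypothetical hosts, not from the message).
tmp=$(mktemp -d)
cat > "$tmp/hardened" <<'EOF'
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
EOF
cat > "$tmp/weak" <<'EOF'
# PasswordAuthentication is only turned off inside a Match block, so the
# default (yes) still applies to every other client.
KbdInteractiveAuthentication no
Match Address 192.0.2.0/24
    PasswordAuthentication no
EOF
for f in hardened weak; do
    if pubkey_only "$tmp/$f"; then
        echo "$f: public key only"
    else
        echo "$f: password login still possible"
    fi
done
rm -rf "$tmp"
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check, since it also resolves Include files.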