neysx 09/08/21 16:19:26 Modified: openssh-key-management-p1.xml Log: #278968 Paragraph from original article was missing
Revision Changes Path 1.4 xml/htdocs/doc/en/articles/openssh-key-management-p1.xml file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/articles/openssh-key-management-p1.xml?rev=1.4&view=markup plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/articles/openssh-key-management-p1.xml?rev=1.4&content-type=text/plain diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/articles/openssh-key-management-p1.xml?r1=1.3&r2=1.4 Index: openssh-key-management-p1.xml =================================================================== RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/articles/openssh-key-management-p1.xml,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- openssh-key-management-p1.xml 9 Oct 2005 17:13:23 -0000 1.3 +++ openssh-key-management-p1.xml 21 Aug 2009 16:19:26 -0000 1.4 @@ -1,11 +1,11 @@ <?xml version='1.0' encoding="UTF-8"?> -<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/articles/openssh-key-management-p1.xml,v 1.3 2005/10/09 17:13:23 rane Exp $ --> +<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/articles/openssh-key-management-p1.xml,v 1.4 2009/08/21 16:19:26 neysx Exp $ --> <!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> -<guide link="/doc/en/articles/openssh-key-management-p1.xml" disclaimer="articles"> +<guide disclaimer="articles"> <title>OpenSSH key management, Part 1</title> <author title="Author"> - <mail link="drobb...@gentoo.org">Daniel Robbins</mail> + <mail link="drobbins"/> </author> <!-- xmlified by Max Lorenz (anarchyisgoodfort...@gmail.com) --> @@ -22,7 +22,7 @@ document is an updated version of the original article, and contains various improvements made by the Gentoo Linux Documentation team --> -<version>1.1</version> +<version>1.2</version> <date>2005-10-09</date> <chapter> 
@@ -276,6 +276,22 @@ </pre> <p> +Here's where people are often mislead into a quick compromise. A lot of the +time, people will create unencrypted private keys just so that they don't need +to type in a password. That way, they simply type in the ssh command, and +they're immediately authenticated via RSA (or DSA) and logged in. +</p> + +<pre caption="Logging in with passphrase"> +$ <i>ssh drobb...@remotebox</i> +Last login: Thu Jun 28 20:28:47 2001 from localbox.gentoo.org + +Welcome to remotebox! + +$ +</pre> + +<p> However, while this is convenient, you shouldn't use this approach without fully understanding its security impact. With an unencrypted private key, if anyone ever hacks into <e>localbox</e>, they'll also get automatic access to
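Review bot: In the @@ -22,7 +22,7 @@ hunk, <version> goes from 1.1 to 1.2 but the unchanged context line after it still reads <date>2005-10-09</date>. The new $Header line in the first hunk gives this revision as 2009/08/21, so if <date> is meant to track the document version it should be bumped in the same commit. If it is deliberately pinned to the earlier date, a short XML comment next to it would stop the next editor from wondering.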
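Review bot: In the @@ -276,6 +276,22 @@ hunk, the caption on the added <pre>, "Logging in with passphrase", contradicts the paragraph added directly above it, which describes unencrypted private keys created so that nothing has to be typed, and the sample session shows no passphrase prompt before "Last login". Suggest a caption such as "Logging in without a passphrase", so that readers do not take this listing as the recommended setup when the following paragraph warns about its security impact. Two wording points in the added paragraph: "mislead" should be "misled", and "type in a password" would read more consistently as "passphrase", since the text is about the key's encryption rather than the account password.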