This is a discussion on RE: Null-passphrase vs ssh-agent - openssh ; No, it's not. If someone has the private key file, they can log in with it. If it's got a passphrase, they need to know that, too. Even with ssh-agent, someone has to enter the passphrase at some point. That ...
No, it's not. If someone has the private key file, they can log in with it.
If it's got a passphrase, they need to know that, too.
Even with ssh-agent, someone has to enter the passphrase at some point.
That makes it infinetely more secure than passphraseless keys.
-----Original Message-----
From: Gian G. Spicuzza [mailto:gianspi@gsent.org]
Sent: Friday, March 10, 2006 8:58 AM
To: secureshell@securityfocus.com
Subject: Null-passphrase vs ssh-agent
Hello. I have implemented PKA with a null-passphrase instead of using
ssh-agent. Is this just as secure as using ssh-agent?
Thank you,
Gian G Spicuzza
