Utility to scan for unpassworded SSH privkeys?
Dan Kaminsky
dan at doxpara.com
Fri May 24 11:31:02 EST 2013
It's 2013. Time to start actually caring how users use our systems.
On Thu, May 23, 2013 at 6:21 PM, Dan Mahoney, System Admin <
danm at prime.gushi.org> wrote:
> On Thu, 23 May 2013, Dan Kaminsky wrote:
>
> Effectively nobody passphrases their ssh keys. They're used as a way to
>> *suppress* password entry in the real world -- use this, and things just
>> work rather than poking you each time.
>>
>
> I'm aware of this stigma, which is the current popular (and lazy)
> thinking. That's why I laid out assumptions #1 and #2. I can't make
> people use passwordless everywhere.
>
> However, if I'm giving you space in my garage, I want to know you're not
> storing rusting propane cylinders :)
>
> -Dan
>
> --
>
> "You're a nomad billygoat!"
>
> -Juston, July 18th, 2002
>
>
> --------Dan Mahoney--------
> Techie, Sysadmin, WebGeek
> Gushi on efnet/undernet IRC
> ICQ: 13735144 AIM: LarpGM
> Site: http://www.gushi.org
> ---------------------------
>
>
More information about the openssh-unix-dev
mailing list