Utility to scan for unpassworded SSH privkeys?
Ben Lindstrom
mouring at eviladmin.org
Fri May 24 23:30:11 EST 2013
On May 24, 2013, at 7:43 AM, Nico Kadel-Garcia <nkadel at gmail.com> wrote:
[..]
> It's a big reason that I encourage migration to Kerberos based
> authentication wherever possible, but that doesn't work well for
> Subversion or git authentication.
Or cron.... =)
Any solution that requires me to extract a keytab file and place it in a NFS mounted home directory so I can run a cron tab on one machine while still ensuring it is backed up (as random desktops aren't backed up normally) is just as major of failing as unencrypted private keys floating around. =)
So honestly, Kerberos has its own little gotchas as well.
BTW.. Kerberos works fine as an authentication method subversion. We do it all the time at work for the IT cfengine repositories.
- Ben
More information about the openssh-unix-dev
mailing list