Utility to scan for unpassworded SSH privkeys?
Damien Miller
djm at mindrot.org
Sat May 25 21:33:06 EST 2013
On Sat, 25 May 2013, Nico Kadel-Garcia wrote:
> The attitude of "if I can break your window, you shouldn't be even
> bothered to lock your car" is an unfortunately common one in the
> security world. Security can be strongly improved by using layers:
Sure, but the layers have to actually offer some security and not
just the theatre of "we have to do _something_!" Offering a control
in ssh_config that is trivially bypassed is not giving out users
security, it's selling them a lie.
Scanning for passwordless keys on a filesystem is fortunately very
simple, and does have a real benefit.
-d
More information about the openssh-unix-dev
mailing list