On Thu, 2 Oct 2008, Rhys Morris wrote:
> The disadvantage of ssh keys was made clear to us recently when a machine in
> a different University was root compromised. The attackers stole all the ssh
> keys they could find, and briefly obtained access to my systems via the
> account of a former student.
>
> Should you allow ssh key access from machines you have no control over?
The technical answer is
ssh keys should always be passphrase protected
Unfortunately the biggest selling point to users is that ssh keys
can be generated without a password/phrase, so they do.
ssh_agent means that if they set things up right they only have to
enter the passphrase once per session* but is that enforceable ?
* or possibly every now and then when it has expired, which would
give some protection against anyone wandering up to an idle machine.
--
Dr. Andrew C. Aitchison Computer Officer, DPMMS, Cambridge
[log in to unmask]http://www.dpmms.cam.ac.uk/~werdna