[Gllug] ssh authentification
Joel Bernstein
joel at fysh.org
Tue Jul 18 18:21:25 UTC 2006
On Tue, Jul 18, 2006 at 07:08:44PM +0100, Martin A. Brooks wrote:
> Bruce Richardson wrote:
> >It doesn't, because there is nothing to stop the user keeping an
> >unprotected copy of the key. The passphrase is used to decrypt the key
> >on the client side and the server does nothing to verify that.
> >
>
> I wasn't aware you could remove the passphrase on a key - interesting.
Frighteningly, you can remove the passphrase on a SSL private key.
Stupid apache admins who don't know about "apachectl -k graceful" do
that so they can have unattended restarts of apache mod_ssl.
/joel
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list