[Gllug] ssh authentification

Joel Bernstein joel at fysh.org
Tue Jul 18 18:21:25 UTC 2006


On Tue, Jul 18, 2006 at 07:08:44PM +0100, Martin A. Brooks wrote:
> Bruce Richardson wrote:
> >It doesn't, because there is nothing to stop the user keeping an
> >unprotected copy of the key.  The passphrase is used to decrypt the key
> >on the client side and the server does nothing to verify that.
> >  
> 
> I wasn't aware you could remove the passphrase on a key - interesting.

Frighteningly, you can remove the passphrase on an SSL private key.
Stupid Apache admins who don't know about "apachectl -k graceful" do
that so they can have unattended restarts of Apache mod_ssl.

/joel
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
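
An added example, not part of the original post: because the server never learns whether a key is passphrase-protected, the check has to be made on the key files themselves. This sketch classifies a PEM private-key block as encrypted or unprotected; it goes beyond the thread by also covering the PKCS#8 and newer OpenSSH containers, and the helper names and sample blocks are constructed placeholders, not real keys.

```python
import base64
import re
import struct

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)
OPENSSH_MAGIC = b"openssh-key-v1\x00"

def key_protection(pem_text):
    """Classify the first PEM block: 'encrypted', 'unprotected' or 'not-a-private-key'."""
    m = PEM_RE.search(pem_text)
    if not m or "PRIVATE KEY" not in m.group(1):
        return "not-a-private-key"
    label, body = m.group(1), m.group(2)
    if label == "ENCRYPTED PRIVATE KEY":      # PKCS#8: encryption is in the label
        return "encrypted"
    if label == "OPENSSH PRIVATE KEY":        # newer OpenSSH container
        return openssh_protection(body)
    # Traditional OpenSSL PEM (RSA/DSA/EC): a Proc-Type header marks encryption.
    if re.search(r"^Proc-Type:\s*4,ENCRYPTED", body, re.M):
        return "encrypted"
    return "unprotected"

def openssh_protection(body):
    # After the magic string comes a length-prefixed cipher name; "none" = no passphrase.
    try:
        raw = base64.b64decode("".join(body.split()))
    except ValueError:
        return "not-a-private-key"
    off = len(OPENSSH_MAGIC)
    if not raw.startswith(OPENSSH_MAGIC) or len(raw) < off + 4:
        return "not-a-private-key"
    (n,) = struct.unpack(">I", raw[off:off + 4])
    return "unprotected" if raw[off + 4:off + 4 + n] == b"none" else "encrypted"

# Constructed placeholder blocks (no real key material), for demonstration only.
def pem_block(label, body):
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"
def openssh_body(cipher):
    blob = OPENSSH_MAGIC + struct.pack(">I", len(cipher)) + cipher + b"\x00" * 8
    return base64.b64encode(blob).decode()
SAMPLES = {
    "legacy-plain": pem_block("RSA PRIVATE KEY", "AAAA"),
    "legacy-encrypted": pem_block("RSA PRIVATE KEY", "Proc-Type: 4,ENCRYPTED\n\nAAAA"),
    "openssh-plain": pem_block("OPENSSH PRIVATE KEY", openssh_body(b"none")),
    "openssh-encrypted": pem_block("OPENSSH PRIVATE KEY", openssh_body(b"aes256-ctr")),
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:18} {key_protection(text)}")
```

The classification only reads the container's metadata, so it can be run over key files without ever handling a passphrase.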



