[Gllug] ssh authentication

Tethys sta296 at astradyne.co.uk
Wed Jul 19 00:26:50 UTC 2006


Joel Bernstein writes:

>Frighteningly, you can remove the passphrase on an SSL private key.
>Stupid apache admins who don't know about "apachectl -k graceful" do
>that so they can have unattended restarts of apache mod_ssl.

There's nothing stupid about it at all. You have a choice. Either
you require human interaction to start the server, or you don't. If
you choose the latter, then you basically have to use passphraseless
private keys (unless you go for a hardware solution, but that's not
practical in most cases). You're trading off security for availability.
Where you lie on that spectrum determines which strategy you use.

Tet
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
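
An added example, not part of the original post: whichever side of that trade-off you pick, it helps to know which private keys on a host actually carry a passphrase. The sketch below classifies PEM private-key blocks by their headers; it goes beyond the SSL keys discussed above by also reading the newer OpenSSH key format. The function names and the sample keys are constructed for illustration.

```python
import base64
import re
import struct

# One match per PEM private-key block: (label, text before the END line).
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----\r?\n(.*?)-----END \1-----", re.DOTALL)
OPENSSH_MAGIC = b"openssh-key-v1\x00"

def openssh_cipher(body):
    """Return the cipher name recorded at the start of an OpenSSH key blob."""
    raw = base64.b64decode("".join(body.split()))
    if not raw.startswith(OPENSSH_MAGIC):
        raise ValueError("not an openssh-key-v1 blob")
    start = len(OPENSSH_MAGIC) + 4          # skip magic and the 4-byte length
    (length,) = struct.unpack(">I", raw[start - 4:start])
    return raw[start:start + length].decode("ascii")

def classify_keys(pem_text):
    """Return [(label, has_passphrase)] for each private key in pem_text."""
    results = []
    for label, body in PEM_BLOCK.findall(pem_text):
        if label == "ENCRYPTED PRIVATE KEY":      # PKCS#8, always encrypted
            protected = True
        elif label == "OPENSSH PRIVATE KEY":      # cipher "none": no passphrase
            protected = openssh_cipher(body) != "none"
        else:                                     # legacy PEM or plain PKCS#8
            protected = "Proc-Type: 4,ENCRYPTED" in body
        results.append((label, protected))
    return results

def constructed_openssh_body(cipher):
    """Constructed sample: only the header fields this check reads."""
    blob = OPENSSH_MAGIC + struct.pack(">I", len(cipher)) + cipher
    return base64.b64encode(blob).decode("ascii")

# Constructed sample input; "AAAA" stands in for real key material.
SAMPLE = "\n".join([
    "-----BEGIN RSA PRIVATE KEY-----", "Proc-Type: 4,ENCRYPTED",
    "DEK-Info: AES-128-CBC,00000000000000000000000000000000", "", "AAAA",
    "-----END RSA PRIVATE KEY-----",
    "-----BEGIN RSA PRIVATE KEY-----", "AAAA", "-----END RSA PRIVATE KEY-----",
    "-----BEGIN ENCRYPTED PRIVATE KEY-----", "AAAA",
    "-----END ENCRYPTED PRIVATE KEY-----",
    "-----BEGIN OPENSSH PRIVATE KEY-----", constructed_openssh_body(b"none"),
    "-----END OPENSSH PRIVATE KEY-----", ""])

if __name__ == "__main__":
    for label, protected in classify_keys(SAMPLE):
        print(f"{label}: {'passphrase' if protected else 'NO passphrase'}")
```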



