[Gllug] ssh authentification
sta296 at astradyne.co.uk
Wed Jul 19 00:26:50 UTC 2006
Joel Bernstein writes:
>Frighteningly, you can remove the passphrase on a SSL private key.
>Stupid apache admins who don't know about "apachectl -k graceful" do
>that so they can have unattended restarts of apache mod_ssl.
There's nothing stupid about it at all. You have a choice. Either
you require human interaction to start the server, or you don't. If
you choose the latter, then you basically have to use passphraseless
private keys (unless you go for a hardware solution, but that's not
practical in most cases). You're trading off security for availability.
Where you lie on that spectrum determines which strategy you use.
Gllug mailing list - Gllug at gllug.org.uk
More information about the GLLUG