[rancid] Re: Rancid and cisco 'autocommand' users?

Russell Jackson raj at csub.edu
Wed Apr 25 22:19:01 UTC 2007


Austin Schutz wrote:
> On Wed, Apr 25, 2007 at 10:31:02PM +0100, Randy Bush wrote:
>>>> ask your router vendor why they do not have the equivalent of
>>>> ~/.ssh/authorized_keys
>>> Indeed, but the pass phrase still needs to be located somewhere or be empty.
>> yes, but the private key on the client is crypted
>>
> 
> 	wrt the other email I just submitted to this thread: why is this
> advantageous? Over the wire a passphrase is also encrypted, and locally
> it's just as easy to copy a file containing a private key as it is to copy
> a file containing a passphrase.
> 	I feel like I'm missing something really obvious here. Well, other
> than the fact that some vendor(s) older equipment still doesn't support ssh
> properly. Count yourself lucky if you don't have any of that still around.
> 

Only the public key is stored on the remote end. Stealing it would gain an attacker
nothing; in fact, you could store the public key on a web site or broadcast it over email
safely. With public key authentication, neither the passphrase nor the private key is ever transmitted
across the wire.

-- 
Russell A. Jackson <raj at csub.edu>
Network Analyst
California State University, Bakersfield

I have often looked at women and committed adultery in my heart.
		-- Jimmy Carter
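
Added example (not part of the original message or of RANCID): a simplified Go model of the point made in the reply above, where the remote end holds only the public key and the wire carries only a nonce and a signature. Ed25519 and the names Server, NewKeypair and Login are assumptions for illustration; real SSH signs data bound to the session identifier rather than a bare server nonce.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Server models the remote end: it stores only the public key, never a secret.
type Server struct {
	authorized ed25519.PublicKey
	nonce      []byte
}

// NewKeypair makes a client keypair; the private half never leaves the client.
func NewKeypair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Challenge issues a fresh random nonce for one login attempt.
func (s *Server) Challenge() []byte {
	s.nonce = make([]byte, 32)
	if _, err := rand.Read(s.nonce); err != nil {
		panic(err)
	}
	return s.nonce
}

// Verify checks sig over the outstanding nonce, then discards the nonce.
func (s *Server) Verify(sig []byte) bool {
	ok := s.nonce != nil && ed25519.Verify(s.authorized, s.nonce, sig)
	s.nonce = nil
	return ok
}

// Login runs one exchange and returns the result plus every message sent.
func Login(s *Server, priv ed25519.PrivateKey) (bool, [][]byte) {
	nonce := s.Challenge()
	sig := ed25519.Sign(priv, nonce) // signing happens locally on the client
	return s.Verify(sig), [][]byte{nonce, sig}
}

func main() {
	pub, priv := NewKeypair()
	ok, wire := Login(&Server{authorized: pub}, priv)
	fmt.Println("login ok:", ok, "messages on wire:", len(wire))
}
```

A passphrase, where one is set, only decrypts the private key file on the client before signing, so it appears nowhere in the exchange.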