This will work if you have no passphrase on your RSA key. This is a *really*
stupid thing to do, IMHO, especially to a root account, as anyone who manages
to get access to your ~/.ssh/identity file will be able to log into any host
that you have set this up on, without a password. While it's a little more
secure than .rhosts authentication, the absence of any kind of
password/passphrase validation makes it (again IMHO) an undesirable option for
the security conscious.
--Adam
I didn't come up with this one. But, for the truely security concious, the
machine that has this kind of access has no lusers on it anyway. The hosts
that our customers are on are administered, not administrators. Besides,
for security reasons, only employees have shell accounts and even most of
them do not, only SAs and developers, on as-needed basis. Our NOC machines
don't even have developers (which is where this sort of thing would be done
from). I think it's a cute idea and I'm going to try it. BTW, everyone here
has WinNT as their workstation O/S. The Linux boxen are strictly servers,
even me.
This will work if you have no passphrase on your RSA key. This is a *really*
stupid thing to do, IMHO, especially to a root account, as anyone who manages
to get access to your ~/.ssh/identity file will be able to log into any host
that you have set this up on, without a password. While it's a little more
secure than .rhosts authentication, the absence of any kind of
password/passphrase validation makes it (again IMHO) an undesirable option
for
Well, you can use ssh-agent. Then its rsh equivalent and your identity is
still protected.
---Ingo Luetkebohle, CTO
dev/consulting Gesellschaft fuer Netzwerkentwicklung und -beratung mbH
url: http://www.devconsult.de/ - fon: 0521-1365800 - fax: 0521-1365803