updating openssh
Andrew Mathews
andrew_mathews
Mon May 17 11:42:55 PDT 2004
m.w.chang wrote:
> whenever I change the key, I emailed my yahoo account the new private
> key. putty can be downloaded from anywhere. Another approach is to the
> web server.
>
> I don't carry any USB storage device. I prefer to get everything from
> the net, including my private key. :)
>
Jesus Christ! You're putting your private key out on the net for anyone
to download? You're either insane or just plain stupid. Why don't you
just post your ip address and root password(s) to a web page? It's the
same end result. All it takes is a passwordless key in your
authorized_keys file and you're owned. You surely don't consider a Yahoo
email account to be secure I hope. Any wannabe script kiddie will crack
that account in less than a minute, grabbing your private key, checking
the header for the originating ip address, and 10 seconds later sitting
at a command prompt as root. Don't expect a flood of offers as a
SysAdmin anytime soon.
--
Andrew Mathews
---------------------------------------------------------------------
9:41am up 10 days, 14:03, 9 users, load average: 1.00, 1.03, 1.08
---------------------------------------------------------------------
Dime is money.
More information about the Linux-users
mailing list