13 Jul
2012
13 Jul
'12
2:28 a.m.
Rick Moen wrote:
Stolen credentials, by contrast, are -- and both passwords and keypairs can be equally easily stolen on a compromised host and then used to impersonate users in connection sessions to elsewhere.
It's worth noting that a passphrase-protected SSH private key, once stolen, can have its passphrase cracked offline at leisure. With existing tools -- ssh-keygen -p.