On Fri, Feb 22, 2013 at 9:52 PM, Dan Razzell firstname.lastname@example.org wrote:
Workstations are often the weakest link in the security chain.
Considering that you’re now using that workstation to remotely administer
multiple critical servers, it had better be the strongest link.
Fair enough. So use a firewall, antivirus, encrypt the hard drive; use it
only behind a firewall; do whatever it takes.
But making security a hindrance to productivity only leads to people
working around instead of towards better security.
Can in point: if “they” can read your SSH cert out of ssh-agent, “they” can
just as easily install a key logger.
By not using ssh-agent, or restarting it very often, you have to type your
password more often, making the system less secure.