Aldo Foot wrote:
Yes, that is a problem. You can only hope that such a user would have good pass phrase(s) on their key(s). Though I would expect the attacked to have more luck using the information in known_hosts to pick targets. If you only use "unlocked" keys for cron jobs, and then limit access on the remote system, you can keep the risk manageable. I can picture a cron job that does a backup to a remote machine, or a backup client that uses an ssh link to communicate to a backup server on a remote machine using "unlocked" keys.2008/1/22 Mikkel L. Ellertson <mikkel infinity-ltd comYou are correct. My worst nightmare does not include stealing the private key. But simply cracking into a user's account who has access to several systems containing the keys. Worst scenario is when someone brakes into a system gains root access and does "su - user" to such account and by looking into the .shosts tries his luck to other systems.
You may want to look into the -r option of bash, or rbash. (Bash invoked as rbash is supposed to be the same as running bash -r.) This, or another or the restricted shells would work well as the shell for user on the remote machine. You can also look into sudo to give limited access to commands that need to be run as root, if what you are doing is going to require it. (man bash and search for rbash)But even having a pass phrase does not help if someone uses dumb passwords. Things like first name as user name, and last name as password. Then they use their full name as the pass phrase on the key. Or is machine B lets you ssh in using username/password, and you have a user like this. The key is to use the tools responsibly. Bingo! There lies my problem. Perhaps a good practice is to configure accounts such as those for cron jobs to use only specific commands. Does anyone reading this thread uses such setup? I'll play with this a bit.
I have not used it, but rssh also sounds like it might be useful, depending on what you need to do. It is designed to be used as the users shell on the remote machine when you want to limit what they can do over a ssh connection.
http://www.pizzashack.org/rssh/Another option, if you only need to run a specific command, would be to configure the key in authorized_keys so it runs a specific command. (man sshd and search for AUTHORIZED_KEYS FILE FORMAT)
Mikkel -- Do not meddle in the affairs of dragons, for thou art crunchy and taste good with Ketchup!
Description: OpenPGP digital signature