[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Passing password in ssh



Aldo Foot wrote:


    I wouldn't say it's not a big risk - more like it is a risk that you
    have to manage by controlling access to the account where the keys are
    readable - and physical access to the media where they are stored.


Controlling access to the media storing the keys and accounts is of my greatest concern in particular if the system is located in some other city and someone
else admins the machine.

Maybe I'm too paranoid.

No, it is good to be paranoid. Remember that it is really the same as giving control of the targets to the account that controls the keys. It may be worth doing all scripted commands from a different, well protected host and account even if you have to copy some files twice to get them where you want them.

--
  Les Mikesell
   lesmikesell gmail com


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]