Passing password in ssh
John Summerfield
debian at herakles.homelinux.org
Thu Jan 24 01:11:02 UTC 2008
Mikkel L. Ellertson wrote:
>>
> Yes, that is a problem. You can only hope that such a user would have
> good pass phrase(s) on their key(s). Though I would expect the attacked
> to have more luck using the information in known_hosts to pick targets.
> If you only use "unlocked" keys for cron jobs, and then limit access on
> the remote system, you can keep the risk manageable. I can picture a
> cron job that does a backup to a remote machine, or a backup client that
> uses an ssh link to communicate to a backup server on a remote machine
> using "unlocked" keys.
>>
Mine goes through a vpn. It's possible to, to play tricks with iptables:
a connection to ssh from example.com gets redirected to port 22022 where
there's another ssh running, or DNATted to another box.
--
Cheers
John
-- spambait
1aaaaaaa at coco.merseine.nu Z1aaaaaaa at coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)
More information about the fedora-list
mailing list