Date:      Wed, 12 Jun 2002 08:44:54 -0700 (PDT)
From:      Jason Stone <jason@shalott.net>
To:        Matt Piechota <piechota@argolis.org>
Cc:        Aragon Gouveia <aragon@phat.za.net>, <freebsd-security@FreeBSD.ORG>
Subject:   Re: ssh questions
Message-ID:  <20020612083746.E28555-100000@walter>
In-Reply-To: <20020612105149.M36620-100000@cithaeron.argolis.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> > > This is a rather poorly written expect script that I use to tar up a cvs
> > > tree on a computer in a rather restrictive lab.
> >
> > I haven't been following this thread, but wouldn't key authentication be
> > easier, securer, more reliable?
>
> It uses keys, but the keys have a password on them.  It really isn't all
> that good either way: one way I have passwords laying about, the other I
> have passwordless keys that are nearly as dangerous.

Place restrictions on the keys in the authorized_keys file on the server.
For example, you can set it up such that the key can only be used to copy
one particular file, and can only be used from one well-known client ip
address.  This makes unencrypted keys much safer, and is clearly more
secure than having the unencrypted and unrestricted password in the clear
on the client.

And <insert obligatory topicality note here>.  The openssh-dev list
(openssh-unix-dev@mindrot.org) is probably a better place for this kind
of discussion.


 -Jason

 -----------------------------------------------------------------------
 I worry about my child and the Internet all the time, even though she's
 too young to have logged on yet.  Here's what I worry about.  I worry
 that 10 or 15 years from now, she will come to me and say "Daddy, where
 were you when they took freedom of the press away from the Internet?"
	-- Mike Godwin


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: See https://private.idealab.com/public/jason/jason.gpg

iD8DBQE9B2x3swXMWWtptckRAou8AKDMpHsLGBjNG3H+MSYVC9fFR97BCgCgiNci
gbg3iNiAgUo2jludEY3xIQU=
=Eju3
-----END PGP SIGNATURE-----


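The restrictions described in the message above map to the `from=` and `command=` options of OpenSSH's authorized_keys format. The following is an added example, not part of the original e-mail: a small audit that parses authorized_keys lines and reports keys lacking either restriction. The sample file, paths, address and key material are constructed placeholders.

```python
import re

# Key-type prefixes that mark the end of the options field.
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")
# One option: a bare name, or name="value" where the value may hold commas,
# spaces and backslash-escaped quotes; followed by a comma or whitespace.
OPT = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?(,|\s+)')

# Constructed sample; key material is a placeholder, not a real key.
SAMPLE = '''\
# constructed sample authorized_keys
from="192.0.2.10",command="cat /home/cvs/tree.tar",no-pty,no-port-forwarding ssh-rsa AAAAB3PLACEHOLDER backup@lab
command="/usr/local/bin/send, then log",no-pty ssh-rsa AAAAB3PLACEHOLDER cron@lab
ssh-rsa AAAAB3PLACEHOLDER admin@laptop
'''

def parse_line(line):
    """Return (options dict, key type) for one line, or None for blanks/comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    opts, pos = {}, 0
    while not line.startswith(KEY_TYPES, pos):
        m = OPT.match(line, pos)
        if not m:
            raise ValueError("malformed options field: " + line[:40])
        opts[m.group(1).lower()] = m.group(2)  # None for flag-style options
        pos = m.end()
    return opts, line[pos:].split()[0]

def audit(text):
    """List (line number, missing options) for keys without from= or command=."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        parsed = parse_line(line)
        if parsed is None:
            continue
        missing = [o for o in ("from", "command") if not parsed[0].get(o)]
        if missing:
            findings.append((n, missing))
    return findings

if __name__ == "__main__":
    for n, missing in audit(SAMPLE):
        print("line %d: key is missing %s" % (n, ", ".join(missing)))
```
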