Passing password in ssh
Les Mikesell
lesmikesell at gmail.com
Wed Jan 23 23:46:35 UTC 2008
Aldo Foot wrote:
>
> I wouldn't say it's not a big risk - more like it is a risk that you
> have to manage by controlling access to the account where the keys are
> readable - and physical access to the media where they are stored.
>
>
> Controlling access to the media storing the keys and accounts is of my
> greatest
> concern in particular if the system is located in some other city and
> someone
> else admins the machine.
>
> Maybe I'm too paranoid.
No, it is good to be paranoid. Remember that it is really the same as
giving control of the targets to the account that controls the keys. It
may be worth doing all scripted commands from a different, well
protected host and account even if you have to copy some files twice to
get them where you want them.
--
Les Mikesell
lesmikesell at gmail.com
More information about the fedora-list
mailing list