On Fri, 21 Jan 2005, Goswin von Brederlow wrote:
> Henrique de Moraes Holschuh <[EMAIL PROTECTED]> writes:
> > This can very well be a much bigger security risk than doing what you
> > already do BUT using passphrases AND ssh-agent to reduce the window of
> > opportunity.
>
> Even if you get hold of the key all you can do with it is exactly what
> the cron job is doing anyway. The worst you can do is flood the
> destination system with jobs, e.g. start a daily cron job every
> second.

That depends on what you're running on the other side, doesn't it? If it
can be exploited depending on what you do with it...

> Limiting an ssh key to a specific command severely limits the damage
> you can do with it. This should be a must for any key that is to be
> used non-interactively.

Agreed. But that is orthogonal to ssh-agent use, since ssh-agent use (and
keychain use) does NOT preclude specific command limiting.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
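
Added example, not part of the original thread: a small audit of an authorized_keys file that flags keys with no forced command (`command="..."`), and keys that have one but still permit pty allocation or forwarding. The sample file, key blobs, paths and comments are constructed; `restrict` is the OpenSSH key option that switches all of those features off at once.

```python
import re

KEY_TYPE = re.compile(r"^(ssh-|ecdsa-|sk-)")  # a line starting like this has no options field
# A forced command alone does not turn these off; "restrict" covers all of them.
LOCKDOWN = {"no-pty", "no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding"}
# Constructed sample; key blobs are placeholders, paths and comments are hypothetical.
SAMPLE = r"""# authorized_keys for the account the cron job logs in to
ssh-ed25519 AAAAPLACEHOLDER1 daily@cronhost
command="/usr/local/bin/run-job" ssh-ed25519 AAAAPLACEHOLDER2 hourly@cronhost
command="/usr/local/bin/run-job --tag \"a, b\"",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAAPLACEHOLDER3 nightly@cronhost
restrict,command="/usr/local/bin/run-job" ssh-ed25519 AAAAPLACEHOLDER4 weekly@cronhost
"""

def split_options(line):
    """Return (options dict, remainder); quoted values may contain spaces and commas."""
    if KEY_TYPE.match(line):
        return {}, line
    opts, quoted, i = [""], False, 0
    while i < len(line):
        ch = line[i]
        if quoted and line[i:i + 2] == '\\"':   # escaped quote inside a value
            opts[-1] += '"'
            i += 2
            continue
        if ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            opts.append("")                     # next option starts here
        elif ch in " \t" and not quoted:
            break                               # end of the options field
        else:
            opts[-1] += ch
        i += 1
    pairs = (o.partition("=") for o in opts if o)
    return {name.lower(): value for name, _, value in pairs}, line[i:].strip()

def audit(text):
    """List (line number, key comment, problem) for keys that are not locked down."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        opts, rest = split_options(line)
        who = (rest.split(None, 2) + ["(no comment)"])[2]
        if "command" not in opts:
            findings.append((n, who, "no forced command"))
        elif "restrict" not in opts and not LOCKDOWN.issubset(opts):
            findings.append((n, who, "missing " + ",".join(sorted(LOCKDOWN.difference(opts)))))
    return findings
```

Calling `audit(SAMPLE)` reports the unrestricted key on line 2 and the command-only key on line 3; the two fully restricted keys pass.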