[nycbug-talk] SANS ISC post on SSH

Jesse Callaway bonsaime at gmail.com
Wed Feb 6 11:24:19 EST 2008


On Wed, Feb 6, 2008 at 10:09 AM, George Rosamond
<george at ceetonetechnology.com> wrote:
> I think it's a relevant point for tonight's discussion. . .
>
>  How does one deal with automation of remote processes over ssh?
>
>  http://isc.sans.org/diary.html?storyid=3935&rss
>
>  George
>


I'm particularly interested in the authorized_keys file use he
mentions. I saw this while trying to set up some automated /etc
backups. I am STILL setting it up because of not being able to rest
regarding the automation and root access over the net.
One tricky thing I've thought of, and did implement, was when doing
tarballs over the ssh pipe...
create a random key, encrypt it with RSA. Then do a block cipher using
the random key to pipe the tarball. This is just in case somebody
happens to get my key and password to the key for login... all they'd
get back is a "stuff this in your pipe and smoke it".
But locking down the ssh login so that it ONLY does this encrypted
tarball dance is what I'm really interested in learning at the
meeting.

-jesse
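
The setup described in the message above, as an added example that is not part of the original post or Jesse's actual scripts: an authorized_keys entry that uses OpenSSH's `command=` option to pin a key to one wrapper, and a wrapper that only ever emits a hybrid-encrypted (random key wrapped with RSA, stream encrypted with a block cipher) tarball. All function names, paths and the output layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and paths are assumptions.
# Needs OpenSSL 1.1.1+ (for "enc -pbkdf2") and tar.

# Print an authorized_keys line that pins a key to one forced command.
# $1 = wrapper path on the server, $2 = the client's public key line
authorized_keys_entry() {
    printf 'command="%s",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' "$1" "$2"
}

# Hybrid-encrypt stdin to stdout. $1 = RSA public key (PEM).
# Output: line 1 = base64 RSA-OAEP-wrapped random key, rest = AES-256-CBC stream.
# CBC gives confidentiality only; verify integrity separately if needed.
encrypt_stream() {
    key=$(openssl rand -hex 32) || return 1
    printf '%s' "$key" |
        openssl pkeyutl -encrypt -pubin -inkey "$1" -pkeyopt rsa_padding_mode:oaep |
        openssl base64 -A || return 1
    echo
    # Pass the key on fd 3 so it never shows up in the process list.
    openssl enc -aes-256-cbc -pbkdf2 -pass fd:3 3<<EOF
$key
EOF
}

# Inverse of encrypt_stream. $1 = RSA private key (PEM), kept off the server.
decrypt_stream() {
    IFS= read -r wrapped || return 1
    key=$(printf '%s\n' "$wrapped" | openssl base64 -d -A |
        openssl pkeyutl -decrypt -inkey "$1" -pkeyopt rsa_padding_mode:oaep) || return 1
    openssl enc -d -aes-256-cbc -pbkdf2 -pass fd:3 3<<EOF
$key
EOF
}

# Body of the forced-command wrapper. $1 = directory to back up, $2 = RSA public key.
# sshd puts whatever the client asked to run in SSH_ORIGINAL_COMMAND; it is never executed.
forced_backup() {
    if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
        echo "backup key: ignoring requested command" >&2
    fi
    tar -cf - -C "$1" . | encrypt_stream "$2"
}
```

On the server the wrapper named in the `command=` option would source these functions and call `forced_backup /etc` with the path to the RSA public key; the matching private key stays on the machine that pulls the backup, so a stolen login key yields only ciphertext.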


