[nycbug-talk] SANS ISC post on SSH
mspitzer at gmail.com
Wed Feb 6 13:45:34 EST 2008
On Feb 6, 2008 11:24 AM, Jesse Callaway <bonsaime at gmail.com> wrote:
> I'm particularly interested in the authorized_keys file use he
> mentions. I saw this while trying to set up some automated /etc
> backups. I am STILL setting it up because of not being able to rest
> regarding the automation and root access over the net.
> One tricky thing I've thought of, and did implement was when doing
> tarballs over the ssh pipe...
> create a random key, encrypt it with RSA. Then do a block cipher using
> the random key to pipe the tarball. This is just in case somebody
> happens to get my key and password to the key for login... all they'd
> get back is a "stuff this in your pipe and smoke it"
> But locking down the ssh login so that it ONLY does this encrypted
> tarball dance is what I'm really interested in learning at the
I do not know as much about it as I should, but I think kerberos is
worth looking at for this. At least you would get rid of the root key
> talk mailing list
> talk at lists.nycbug.org
Freedom is nothing but a chance to be better.
More information about the talk