Re: Is SSH worth it??
From: Devdas Bhagat (dvb@users.sourceforge.net)Date: 10/10/02
- Previous message: Ogden, Earl: "RE: securing my new wireless router"
- In reply to: Trevor Cushen: "RE: Is SSH worth it??"
- Next in thread: Devdas Bhagat: "Re: Is SSH worth it??"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 10 Oct 2002 03:40:43 +0530 From: Devdas Bhagat <dvb@users.sourceforge.net> To: security-basics@securityfocus.com
On 09/10/02 14:34 +0100, Trevor Cushen wrote:
<snip>
Some line length fixing and quoting order fixes, please?
> Can I ask you for a url to more info on this expect language and it usage.
> Again many thanks
IIRC, O'Reilly has a book on the topic. Also, man 1 expect might be
useful. Expect is a TCl addon, but can be used without TCl.
<snip>
> > I dont like RSA without passwords caus if your machine gets compromised,
> > the attacker would have root access to another machines in your network.
> > When I needed automated scripting using ssh and scp I used this programming
> > language called EXPECT, perl includes a module that implements the expect
> > language. It goes something like this:
I prefer the term passphrase.
Use strong passphrases to protect your keys, but don't use passwords.
Passwords are stored in plain text on the box, which means that your
protection has gone from key based to password based.
See man 1 ssh-agent for a way of handling your pass phrases relatively safely.
Devdas Bhagat
- Previous message: Ogden, Earl: "RE: securing my new wireless router"
- In reply to: Trevor Cushen: "RE: Is SSH worth it??"
- Next in thread: Devdas Bhagat: "Re: Is SSH worth it??"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
