ssh and ps..
From: Manish Chablani (mchablan@cs.indiana.edu)Date: 07/24/02
- Next message: Nico Kadel-Garcia: "Re: CHROOT patch openssh3.4p1"
- Previous message: Chris.: "NT/2K drop connections, 98 doesn't"
- Next in thread: Richard E. Silverman: "Re: ssh and ps.."
- Reply: Richard E. Silverman: "Re: ssh and ps.."
- Reply: : "Re: ssh and ps.."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Manish Chablani <mchablan@cs.indiana.edu> Date: Tue, 23 Jul 2002 21:10:53 -0500
Hi,
I am having a problem. I have thought of a design in which program
p1 on node A generates a symmetric key and sends it to program p2 on
node B via ssh. i.e. p1 invokes p2 on node B with the secret key as
argument to p2. Now ssh takes care of transmitting the secret key
securely over the network from A to B. But there is a flaw here.. if
anyone on node A or node B runs ps, he can see the command line argument
passed .. (ps -eadf) .. this is a big security flaw..
Is there any way out of this.. I can do scp after writing the secret
key into a file and then after scp run ssh and make p2 read from the
file, but this has another problem if file system is on NFS and anyone
who can intercept NFS traffic gets the key. The previous solution took
care of this problem by not writting anything on the disk as key was
generated within program p1 and destroyed once it completed.
please help !!!
Manish Chablani
------------------------------------------------------
Graduate Student, CS Department,
Indiana University.
Make today a LAM/MPI day !!!
http://www.lam-mpi.org/
------------------------------------------------------
- Next message: Nico Kadel-Garcia: "Re: CHROOT patch openssh3.4p1"
- Previous message: Chris.: "NT/2K drop connections, 98 doesn't"
- Next in thread: Richard E. Silverman: "Re: ssh and ps.."
- Reply: Richard E. Silverman: "Re: ssh and ps.."
- Reply: : "Re: ssh and ps.."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
