ssh and ps..

From: Manish Chablani
Date: 07/24/02

From: Manish Chablani
Date: Tue, 23 Jul 2002 21:10:53 -0500


    I am having a problem. I have thought of a design in which program
p1 on node A generates a symmetric key and sends it to program p2 on
node B via ssh. i.e. p1 invokes p2 on node B with the secret key as
argument to p2. Now ssh takes care of transmitting the secret key
securely over the network from A to B. But there is a flaw here.. if
anyone on node A or node B runs ps, he can see the command line argument
passed .. (ps -eadf) .. this is a big security flaw..

   Is there any way out of this.. I can do scp after writing the secret
key into a file and then after scp run ssh and make p2 read from the
file, but this has another problem if the file system is on NFS and anyone
who can intercept NFS traffic gets the key. The previous solution took
care of this problem by not writing anything on the disk as key was
generated within program p1 and destroyed once it completed.

please help !!!

Manish Chablani
Graduate Student, CS Department,
Indiana University.

Make today a LAM/MPI day !!!
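
The exposure described in the post, shown locally as an added example that is not part of the original message: a key passed as a command-line argument appears in the process's command line (what `ps` reads), while a key written to the child's standard input does not. The `P2` script, `run_p2` and the sample key are hypothetical stand-ins for the poster's programs, and the check assumes a Linux `/proc`.

```python
import subprocess
import sys

# Hypothetical stand-in for p2: takes the key from argv[1] if given, otherwise
# from the first line of stdin, reports a SHA-256 of it, then waits for EOF.
P2 = r"""
import sys, hashlib
key = sys.argv[1] if len(sys.argv) > 1 else sys.stdin.readline().rstrip("\n")
print(hashlib.sha256(key.encode()).hexdigest(), flush=True)
sys.stdin.read()
"""

# Over ssh the same split applies: `ssh nodeB p2 KEY` puts KEY in the argv of
# ssh on node A and of p2 on node B, whereas p1 writing KEY to the stdin of
# `ssh nodeB p2` keeps it off both command lines, because ssh forwards its
# stdin to the remote command through the encrypted channel.


def run_p2(key, via):
    """Hand the key to the stand-in p2 by 'argv' or 'stdin'.

    Returns (digest reported by p2, command line visible to other users)."""
    argv = [sys.executable, "-c", P2] + ([key] if via == "argv" else [])
    child = subprocess.Popen(argv, stdin=subprocess.PIPE,
                             stdout=subprocess.PIPE, text=True)
    try:
        if via == "stdin":
            child.stdin.write(key + "\n")
            child.stdin.flush()
        # Reading the digest proves p2 is running and has received the key.
        digest = child.stdout.readline().strip()
        # /proc/<pid>/cmdline is the world-readable source that ps displays.
        with open(f"/proc/{child.pid}/cmdline", "rb") as f:
            visible = f.read().replace(b"\0", b" ").decode()
    finally:
        child.stdin.close()   # EOF lets the stand-in p2 exit
        child.wait()
        child.stdout.close()
    return digest, visible


if __name__ == "__main__":
    import secrets
    key = secrets.token_hex(16)  # constructed key, held only in memory
    for via in ("argv", "stdin"):
        digest, visible = run_p2(key, via)
        print(f"{via:5}: key visible in process list: {key in visible}")
```

In both modes nothing is written to disk, so the NFS concern raised in the post does not arise.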
