ssh and ps..

From: Manish Chablani (mchablan@cs.indiana.edu)
Date: 07/24/02


From: Manish Chablani <mchablan@cs.indiana.edu>
Date: Tue, 23 Jul 2002 21:10:53 -0500

Hi,

    I am having a problem. I have thought of a design in which program
p1 on node A generates a symmetric key and sends it to program p2 on
node B via ssh. i.e. p1 invokes p2 on node B with the secret key as
argument to p2. Now ssh takes care of transmitting the secret key
securely over the network from A to B. But there is a flaw here.. if
anyone on node A or node B runs ps, he can see the command line argument
passed .. (ps -eadf) .. this is a big security flaw..

   Is there any way out of this.. I can do scp after writing the secret
key into a file and then after scp run ssh and make p2 read from the
file, but this has another problem if file system is on NFS and anyone
who can intercept NFS traffic gets the key. The previous solution took
care of this problem by not writing anything on the disk as key was
generated within program p1 and destroyed once it completed.

please help !!!

Manish Chablani
------------------------------------------------------
Graduate Student, CS Department,
Indiana University.

Make today a LAM/MPI day !!!
http://www.lam-mpi.org/
------------------------------------------------------
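
Added example, not part of the original post: a local reproduction of the exposure described above, next to the same hand-off done over standard input, which ssh forwards to the remote command. The `P2` stand-in, the sample key and the function names are constructed for illustration. The listing is read from `/proc/<pid>/cmdline`, the source `ps` uses on Linux, falling back to `ps` itself.

```python
import subprocess
import sys

KEY = "constructed-sample-key-0123456789"  # constructed value, not a real key

# Stand-in for p2 (hypothetical): takes the key from argv[1] if present,
# otherwise from the first line of stdin; reports the key length, then waits.
P2 = (
    "import sys\n"
    "key = sys.argv[1] if len(sys.argv) > 1 else sys.stdin.readline().strip()\n"
    "print(len(key), flush=True)\n"
    "sys.stdin.read()\n"
)

def visible_args(pid):
    """Return the command line that other local users can see for pid."""
    try:
        with open(f"/proc/{pid}/cmdline", "rb") as f:  # what ps reads on Linux
            return f.read().replace(b"\0", b" ").decode()
    except OSError:
        return subprocess.run(["ps", "-o", "args=", "-p", str(pid)],
                              capture_output=True, text=True).stdout

def run_p2(key, via_stdin):
    """Start p2, hand it the key, return (key length p2 saw, visible args)."""
    argv = [sys.executable, "-c", P2] + ([] if via_stdin else [key])
    child = subprocess.Popen(argv, stdin=subprocess.PIPE,
                             stdout=subprocess.PIPE, text=True)
    if via_stdin:
        child.stdin.write(key + "\n")
        child.stdin.flush()
    seen_len = int(child.stdout.readline())  # p2 holds the key at this point
    args = visible_args(child.pid)
    child.stdin.close()                      # EOF lets p2 exit
    child.wait()
    child.stdout.close()
    return seen_len, args

if __name__ == "__main__":
    for via_stdin in (False, True):
        n, args = run_p2(KEY, via_stdin)
        mode = "stdin" if via_stdin else "argv"
        print(mode, "p2 received", n, "chars; key in listing:", KEY in args)
```

In both runs p2 receives the full key, but only the argv run leaves it in the process listing; nothing is written to disk in either case.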