Re: Secure file transfer from unix to windows

From: UnixFan (gxy1997_at_yahoo.com.au)
Date: 10/24/03

    Date: 23 Oct 2003 17:59:01 -0700
    
    

    "Nico Kadel-Garcia" <nkadel@comcast.net> wrote in message news:<rOidnTDSKfJIUAqiRVn-tg@comcast.com>...
    > "UnixFan" <gxy1997@yahoo.com.au> wrote in message
    > news:268fc341.0310222220.64ec6024@posting.google.com...
    >
    > > We are using a commercial SFTP automation tool called AutoSFTP in our
    > > environment. There are other ways for SFTP automation, but if you need
    > > good security, AutoSFTP is the best I could find today, and this is
    > > the only SFTP automation solution that is allowed by our security and
    > > audit department.
    > > As you are working on a development machine, I would recommend you to
    > > use public key authentication and set a null passphrase for the
    > > private key.
    >
    > BAD-BAD-BAD IDEA! This is much like taping a password to your monitor.
    > Unless you can heavily restrict what it has access to, such as using a chroot
    > cage and preventing shell access, then you are probably better off with
    > plain old FTP access.
    >
    > If you need to do this sort of thing, use "ssh-agent" to pre-load a
    > passworded key for the use of the software in question without ever leaving
    > an unlocked key around.

    ssh-agent does not give you adequate protection (one can use a debugger
    to retrieve the unlocked private key from ssh-agent: it's not that
    difficult provided you know how to use a debugger and understand C
    code), and also you must rekey the passphrase after each system
    reboot.
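
Added example, not part of the original thread or written by either poster: a small Python audit of an OpenSSH authorized_keys file that reports which keys lack the kind of restriction discussed above (forced command, no shell or forwarding, source address limit). The sample entries, key blobs and script paths are constructed placeholders, and the check covers key options only, not chroot setup.

```python
import re

KEY_TYPE = re.compile(r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+)$")
# One option: name or name="value"; quoted values may hold spaces, commas, \" escapes.
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?,?')
HARDENING = ("no-pty", "no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding")

def parse_entry(line):
    """Return (options, key_type, comment) for one authorized_keys line, else None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    options, pos = {}, 0
    if not KEY_TYPE.match(line.split(None, 1)[0]):      # line starts with options
        while pos < len(line) and not line[pos].isspace():
            m = OPTION.match(line, pos)
            if not m:
                raise ValueError("malformed options: " + line[:40])
            options[m.group(1).lower()] = True if m.group(2) is None else m.group(2)
            pos = m.end()
    fields = line[pos:].split(None, 2)
    return options, fields[0], fields[2] if len(fields) > 2 else ""

def audit(text):
    """Map each key's comment to the restrictions it lacks (empty list = locked down)."""
    report = {}
    for raw in text.splitlines():
        entry = parse_entry(raw)
        if entry is None:
            continue
        opts, key_type, comment = entry
        findings = []
        if "command" not in opts:
            findings.append("no forced command (shell access possible)")
        for opt in HARDENING:
            # "restrict" implies every no-* option unless explicitly re-enabled
            if opt not in opts and not ("restrict" in opts and opt[3:] not in opts):
                findings.append("missing " + opt)
        if "from" not in opts:
            findings.append("no from= source restriction")
        report[comment or key_type] = findings
    return report

# Constructed sample; key blobs are placeholders, script paths are hypothetical.
SAMPLE = '''
ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDER batch@devbox
command="/usr/local/bin/sftp-only --dir /incoming",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding,from="192.0.2.10" ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDER sftp-batch@devbox
restrict,command="/usr/local/bin/push-report" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5PLACEHOLDER report@devbox
'''

if __name__ == "__main__":
    for key, findings in audit(SAMPLE).items():
        print(key, "->", findings or "restricted")
```
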

