Re: Expect Scripts and Security Issues
From: 2Host.com - Robert (admin_at_-NOSPAM-2host.com)
Date: 05/24/03
- Next message: 2Host.com - Robert: "Re: Question Please Help!"
- Previous message: Barry Margolin: "Re: secure Rlogin"
- In reply to: Jeff Friedman: "Expect Scripts and Security Issues"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 23 May 2003 16:04:34 -0700
Jeff Friedman wrote:
>
> Hello,
>
> We are planning on implementing 'Expect Scripts' on a few Unix / Cisco
> devices. These will log into the servers using SSH, then record a few
> basic system functions.
>
> I was wondering what the security and vulnerability concerns might be?
> The FAQ's on the Expect site do not contain any security issues.
It's a matter of how you store the information to connect. Will you pass
the password for login in a script or file, or will use you keys? Both
are insecure for various reasons. Personally, and this is maybe overkill
for some people, I'd just create an interface to communicate over the
network to perform only the tasks I want to have performed on the other
servers via a client-server method, which can be far more secure and
controlled. It's not really that much work involved.
-- Regards, Robert McGregor - Email: admin@(remove)2host.com. Phone: 530-941-0690 Server admin, support, programming for shared & dedicated web servers Secure, reliable hosting you expect and deserve! http://www.2host.com
- Next message: 2Host.com - Robert: "Re: Question Please Help!"
- Previous message: Barry Margolin: "Re: secure Rlogin"
- In reply to: Jeff Friedman: "Expect Scripts and Security Issues"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
