encrypt authentication credentials with payload in the clear?
Scott Bolte
listS+openssh-unix-dev at niss.com
Fri Mar 7 00:18:32 EST 2003
On Wed, 05 Mar 2003 21:23:15 -0600, Nick Lange wrote:
> Afternoon everyone,
> If everyone is entirely concerned about innocuous commands comming over
> the ssh session to the shell account, why
> not just analyze the shell logs for analysis there?
Shell access needs to go away IMHO. It is too easy to defeat
audit trails if there is unfettered shell access.
The long term direction I am trying to go is role based
access controls using sets of public/private keys which
gain access to a proxy command system. That would allow
more reliable logging, with excellent access management,
without having to worry about all the end cases a shell
entails.
Scott
More information about the openssh-unix-dev
mailing list