Security suggestion concerning SSH and port forwarding.
Dan Kaminsky
dan at doxpara.com
Mon Jan 19 21:55:30 EST 2004
>What is wrong with using public keys?
>
They're integrated a hell of a lot better into web browsers than any
SSH/SFTP client, and still failed?

Not saying pubkey isn't fantastic for us; noticeably, we use a system
practically designed for individual developers or small groups (don't we
still linearly search through authorized_keys?). But when dealing with
those who know just enough about security to know FTP and Telnet are to
be phased out, pubkey just isn't that good of an option.

scponly does sort of imply, um, scp only. Perhaps supporting the pubkey
permissions flags in sshd_config on a per-user basis might be feasible?

--Dan