Question on SSH_ASKPASS
Gert Doering
gert at greenie.muc.de
Fri Dec 25 01:34:08 EST 2009
Hi,
On Thu, Dec 24, 2009 at 12:36:37PM +1300, Peter Lambrechtsen wrote:
> Why aren't you using authorized_keys with public/private keys?
> That's what it's there for. Among other reasons.
Unfortunately, some vendors fail to understand this. Like "Cisco". Or
"Citrix" (who *can* do pubkey auth, but there is no persistent storage
on the netscalers, so it will only work up to the next reboot).
For the time being, us poor admins have to fall back to nastier
approaches... like "put passwords into files".
(Not that "put password into script" is *that* much more insecure than
"have password-less key on file". If your files can be read by $evil_entity,
you're toast, in both cases...)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
More information about the openssh-unix-dev mailing list