Question on SSH_ASKPASS

Gert Doering gert at greenie.muc.de
Fri Dec 25 01:34:08 EST 2009


Hi,

On Thu, Dec 24, 2009 at 12:36:37PM +1300, Peter Lambrechtsen wrote:
> Why aren't you using authorized_keys with public/private keys?
> That's what it's there for. Among other reasons.

Unfortunately, some vendors fail to understand this.  Like "Cisco".  Or
"Citrix" (who *can* do pubkey auth, but there is no persistent storage
on the netscalers, so it will only work up to the next reboot).

For the time being, us poor admins have to fall back to nastier 
approaches... like "put passwords into files".

(Not that "put password into script" is *that* much more insecure than
"have password-less key on file".  If your files can be read by $evil_entity,
you're toast, in both cases...)

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de

