[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: The keychain package, its debconf templates, the security hole induced

Henrique de Moraes Holschuh <hmh@debian.org> writes:

> On Fri, 21 Jan 2005, Martin Quinson wrote:
>> I'd drop the package from the archive right away. I have several cron jobs
>> using ssh keys (a new key for each cron, without pass and allowed to do only
>> one specific command on the remote host).
> This can very well be a much bigger security risk than doing what you
> already do BUT using passphrases AND ssh-agent to reduce the window of
> opportunity.
> And avoiding keychain does not make it much more difficult to find out how
> to talk to any in-memory ssh-agent anyway, you know.
> NOR does it make it any more difficult to locate all unprotected keys in
> your machine through a rgrep.

Even if you get hold of the key all you can do with it is exactly what
the cron job is doing anyway. The worst you can do is flood the
destination system with jobs, e.g. start a daily cron job every

Limiting an ssh key to a specific command severly limits the damage
you can do with it. This should be a must for any key that is to be
used non interactively.


Reply to: