[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#756172: ITP: ssh-cron -- cron-like job scheduler than handles ssh key passphrases

On Sun, Jul 27, 2014 at 08:40:03AM -0700, tony mancill wrote:
> It seems like with Ganneff's trigger mechanism, one attack vector is to
> steal a backup of the passphraseless key and spoof the source IP - now
> you can run the trigger at will.  Having a passphrase on the key could
> at least slow the attacker down.  I could imagine using ssh-cron
> together with "command=" for a higher level of security.

Uhm, spoof the source IP? This is not UDP, you'd also need to get traffic back
redirected to you.

Kind regards
Philipp Kern

Attachment: signature.asc
Description: Digital signature

Reply to: