
Re: Bug#756172: ITP: ssh-cron -- cron-like job scheduler than handles ssh key passphrases

]] Philipp Kern 

> On Sun, Jul 27, 2014 at 08:40:03AM -0700, tony mancill wrote:
> > It seems like with Ganneff's trigger mechanism, one attack vector is to
> > steal a backup of the passphraseless key and spoof the source IP - now
> > you can run the trigger at will.  Having a passphrase on the key could
> > at least slow the attacker down.  I could imagine using ssh-cron
> > together with "command=" for a higher level of security.
> Uhm, spoof the source IP? This is not UDP, you'd also need to get traffic back
> redirected to you.

That's harder and more visible, but not impossible.  BGP hijacks do
happen, intentionally and not.

Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
