[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#756172: ITP: ssh-cron -- cron-like job scheduler than handles ssh key passphrases

]] Philipp Kern 

> On Sun, Jul 27, 2014 at 08:40:03AM -0700, tony mancill wrote:
> > It seems like with Ganneff's trigger mechanism, one attack vector is to
> > steal a backup of the passphraseless key and spoof the source IP - now
> > you can run the trigger at will.  Having a passphrase on the key could
> > at least slow the attacker down.  I could imagine using ssh-cron
> > together with "command=" for a higher level of security.
> 
> Uhm, spoof the source IP? This is not UDP, you'd also need to get traffic back
> redirected to you.

That's harder and more visible, but not impossible.  BGP hijacks do
happen, intentionally and not.

-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
Reply to: