Re: Bug#756172: ITP: ssh-cron -- cron-like job scheduler than handles ssh key passphrases
]] Philipp Kern
> On Sun, Jul 27, 2014 at 08:40:03AM -0700, tony mancill wrote:
> > It seems like with Ganneff's trigger mechanism, one attack vector is to
> > steal a backup of the passphraseless key and spoof the source IP - now
> > you can run the trigger at will. Having a passphrase on the key could
> > at least slow the attacker down. I could imagine using ssh-cron
> > together with "command=" for a higher level of security.
>
> Uhm, spoof the source IP? This is not UDP, you'd also need to get traffic back
> redirected to you.
That's harder and more visible, but not impossible. BGP hijacks do
happen, intentionally and not.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
Reply to: