Re: Best way to duplicate HDs--talk more about rsync+ssh system
Hello Ted,
Your mail is very informative to me.
I wonder how to define cmd to run automatically in authorized_hosts?
I thought there's nothing but pub keys in authorized_hosts file.
And do I need ssh-agent in this case? Do I need to leave the passphrase
blank?
Thank you for your patience and kindness.
> On Wed, Jan 02, 2002 at 03:15:20PM +0800, Patrick Hsieh wrote:
> > I've read some doc. using ssh-keygen to generate key pairs, appending
> > the public keys to ~/.ssh/authorized_hosts on another host to prevent
> > ssh authentication prompt. Is it very risky? Chances are a cracker could
> > compromise one machine and ssh login others without any authentication.
>
> use ssh-keygen to generate a new key for *every* machine, and *every*
> application you want to use. In the authorized_hosts section, you limit
> what a single key can do by specifying a cmd that is run automatically...
> in other words, use of the key executes only the command you want, and not
> simply a shell.
>
> That does not limit an attacker from exploiting whatever the passwordless
> identity cmds you've set up, but they can't run rampant w/ root over an
> entire machine.
>
> --
> Ted Deppner
> http://www.psyber.com/~ted/
>
--
Patrick Hsieh <pahud@pahud.net>
GPG public key http://pahud.net/pubkeys/pahudatpahud.gpg
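
On the question of how a key gets tied to a command: OpenSSH reads per-key options, including `command="..."`, from the start of that key's line in `~/.ssh/authorized_keys`, and hands the command the client actually asked for to the forced command in `SSH_ORIGINAL_COMMAND`. The wrapper below is an added example, not code from either message in this thread, showing one way to hold a backup key to read-only rsync pulls. It assumes the backup host runs a plain `rsync -a` pull; the script path, `ALLOWED_ROOT`, and the key comment are hypothetical, and the key material is a placeholder.

```shell
#!/bin/sh
# Added example: forced-command wrapper for one backup-only key.
# Assumed install path: /usr/local/bin/rsync-only.sh (hypothetical).
# Matching authorized_keys entry, all on one line (key material is a placeholder):
#   command="/usr/local/bin/rsync-only.sh",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA...PLACEHOLDER backup-pull

ALLOWED_ROOT=/srv/data   # hypothetical directory the backup host may read

# Prints "allow" or "deny" for the command line the client requested.
# Returns 0 for allow, 1 for deny.
check_request() {
    # Keep only characters a plain rsync server command line needs; this
    # rejects shell metacharacters, quotes and glob characters in one step.
    if [ -n "$(printf '%s' "$1" | tr -d 'A-Za-z0-9 ._/-')" ]; then
        echo deny; return 1
    fi
    set -f; set -- $1; set +f          # split into words, no globbing
    if [ $# -ne 6 ] || [ "$1 $2 $3 $5" != "rsync --server --sender ." ]; then
        echo deny; return 1
    fi
    case $4 in -[A-Za-z]*) ;; *) echo deny; return 1 ;; esac   # short-option bundle only
    case $6 in
        *..*)               echo deny;  return 1 ;;   # no path traversal
        "$ALLOWED_ROOT"/*)  echo allow; return 0 ;;
        *)                  echo deny;  return 1 ;;
    esac
}

# Entry point: only when run under the installed name, as sshd does.
case $0 in
    */rsync-only.sh)
        if check_request "${SSH_ORIGINAL_COMMAND:-}" >/dev/null; then
            set -f
            exec $SSH_ORIGINAL_COMMAND     # word-split only, never re-parsed by a shell
        fi
        logger -t rsync-only "denied: ${SSH_ORIGINAL_COMMAND:-<no command, shell requested>}"
        exit 1 ;;
esac
```

Denied requests go to syslog under the `rsync-only` tag, which is where to look if a legitimate rsync invocation with extra options is being refused.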