[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: distributing SSH keys in a cluster environment



On Fri, Oct 29, 2004 at 10:39:00PM +0200, martin f krafft wrote:
> also sprach Mark Bucciarelli <mark@easymailings.com> [2004.10.29.1920 +0200]:
> > what about some kind of cheap usb storage for each machine?
> 
> Then I could just take the USB stick, put it onto my laptop, and
> subvert the NFS home directories.

If the USB hardware contains sensitive information, then don't put it on
the outside of the box. After all, the USB port is just a connector and
some wires that lead to the main board. Remove the screws that hold the
connector in place and put the connector, with the USB stick, inside the
box -- or, better yet, get yourself another connector, which you keep
inside the box.

Alternatively, you could add another IDE device with the keys on. That
doesn't have to be a hard disk; Those soekris thingies which you can buy
these days have a CompactFlash card slot with an IDE interface. I don't
know whether that is something soekris-specific, but if it exists
outside that stuff and isn't too expensive, you could do it that way.

In any case, make sure the boxes are properly sealed ;-)

-- 
         EARTH
     smog  |   bricks
 AIR  --  mud  -- FIRE
soda water |   tequila
         WATER
 -- with thanks to fortune

Attachment: signature.asc
Description: Digital signature


Reply to: