Bug#112020: ITP: keychain -- An OpenSSH key manager

To: debian-devel@lists.debian.org
Cc: 112020@bugs.debian.org
Subject: Bug#112020: ITP: keychain -- An OpenSSH key manager
From: Daniel Jacobowitz <dan@debian.org>
Date: Thu, 13 Sep 2001 10:52:34 -0400
Message-id: <20010913105234.A14057@nevyn.them.org>
Mail-followup-to: debian-devel@lists.debian.org, 112020@bugs.debian.org
Reply-to: Daniel Jacobowitz <dan@debian.org>, 112020@bugs.debian.org
In-reply-to: <20010913132705.A919@atterer.net>; from deb-devel@list.atterer.net on Thu, Sep 13, 2001 at 01:27:05PM +0200
References: <20010911150043.A19658@tyka.kitiara.com> <20010912130511.B10879@atterer.net> <20010912190832.A25649@tyka.kitiara.com> <20010912230630.A31044@nevyn.them.org> <20010911150043.A19658@tyka.kitiara.com> <20010912130511.B10879@atterer.net> <20010912190832.A25649@tyka.kitiara.com> <20010912230630.A31044@nevyn.them.org> <20010913132705.A919@atterer.net>

On Thu, Sep 13, 2001 at 01:27:05PM +0200, Richard Atterer wrote:
> Indeed.
> 
> You might want to experiment with the following: Create a dedicated
> user on the machine that you log into, whose default shell is not
> /bin/sh, but a script of yours which executes rsync with the right
> options, no matter what arguments are passed to it. Also, the user
> should not be able to write to any files in his home directory.
> 
> This way, even if the key is compromised, it will be difficult for the
> attacker to do anything but run that one command. This doesn't provide
> an awful lot of security, and a determined attacker might find a way
> to circumvent it, but it's already a lot better than a completely open
> account.

Don't even bother :)  Use command restriction.  man sshd(8), search for
command=.

-- 
Daniel Jacobowitz                           Carnegie Mellon University
MontaVista Software                         Debian GNU/Linux Developer

Reply to:

References:
- Bug#112020: ITP: keychain -- An OpenSSH key manager
  - From: Cesar Mendoza <mendoza@debian.org>
- Bug#112020: ITP: keychain -- An OpenSSH key manager
  - From: Richard Atterer <deb-devel@list.atterer.net>

Prev by Date: Bug#112118: ITP: python-visual -- A Python library for 3d visualization
Next by Date: Bug#112149: ITP: ldmud -- The LDMud driver for LP-Muds
Previous by thread: Bug#112020: ITP: keychain -- An OpenSSH key manager
Next by thread: Bug#112020: marked as done (ITP: keychain -- An OpenSSH key manager)
Index(es):
- Date
- Thread