> Thanks for the response! I haven't tried it yet, but does ssh with a
> passphrase address your concern? If somebody steals your private key
> can it be used without the passphrase?
(Sorry for previous Emails dated 1991 - have to do this to
run an old freeware DOS scientific analysis program that does
not like running in the year 1992 or onwards. Please don't ask
why - a long and tedious explanation would result)
In the context of passwordless secure mirroring using rsync, the
above not help.
On a general discussion on using a passphrase/password based approach:
A silly question from me. Why would you need both a public file
and a passphrase? One problem with being overly security conscious
is the same with being overly and unrealistically safety conscious:
the systems you setup not only take far more effort - but eventually
some people may start doing things insecurely as they get too annoyed
with the inconvenience doing things securely.
Good secure systems need to be easy to inplement and easy to
use - same with work place safety systems. Otherwise mistakes
may creep in during installation - and people may feel compelled
to by-pass security due to its unneccessary nuisance value.
(How many people have been forced on accassion to use FTP or Telnet
with clear text passwords to do something due to a secure shell
setup being too tight?)
> PS: Thanks for the discussion. From what you've said and other things
> I've heard before, my impression of chrooting is that you somehow create
> an "artificial" root account / environment with limited privileges, and
> somebody that uses this artificial account cannot get to the real root
> account? Is this close?
I would have thought it was an account with restricted file
browsing and /or permissions
and functionality.
Lachlan.
--
Lachlan M. D. Cranswick
Geochemistry - Lamont-Doherty Earth Observatory, Columbia University
PO Box 1000, 61 Route 9W Palisades, New York 10964-1000 USA
Tel: (845) 365-8662 Fax: (845) 365-8155
E-mail: [EMAIL PROTECTED] WWW: http://www.ldeo.columbia.edu
CCP14 Xtal Software Website: http://www.ccp14.ac.uk
