On Sat, Apr 07, 2001 at 02:53:13AM +0100, M. Drew Streib wrote:
> The net-net is:
>
> On the box accepting the connection w/o a password from another box with
> the private key, the security of the accepting box is _only_ as good as
> the account on the originating box.
Strike that "w/o a passwo
In article <055b01c0c11f$d32f4010$6e0b4b89@munich>,
David Salisbury <[EMAIL PROTECTED]> wrote:
>Thanks Ian. I was surprised the question seeded the discussion
>that it did. You are "spot on" below on what I'm trying to do, and have
>used
>the method you describe below to basically emulate an rsh
In article <005691001131455102L112*@MHS>, <[EMAIL PROTECTED]> wrote:
>chroot does nothing to hide uid 0. It makes a subdirectory appear as /,
>so you can give somebody access to /publicdirectory, and to them it's
>/... they can't cd out of that heirarchy to the rest of your filesystem.
>No h
Thanks Ian. I was surprised the question seeded the discussion
that it did. You are "spot on" below on what I'm trying to do, and have
used
the method you describe below to basically emulate an rsh command. But
either my question was too vague or I'm missing something basic.
What you discribed
[EMAIL PROTECTED]@[EMAIL PROTECTED] on 04/07/2001 06:57:14 AM
Sent by:[EMAIL PROTECTED]
To: [EMAIL PROTECTED]@SMTP
cc: [EMAIL PROTECTED]@SMTP
Subject: Re: Rsync: Re: password prompts
Classification:
Lachlan,
Thanks for the response! I haven't tried it yet, but does
rm its own authentication in the modes you're using,
>> >and thus is not in control of the problem you're having. If rsync could
>> >override your other system authentication, then you'd have a different
>> >problem. :)
>> >
>> >If you do w
In article <036d01c0bef3$3bbd83a0$6e0b4b89@munich>,
David Salisbury <[EMAIL PROTECTED]> wrote:
>
>Is there a way to have rsync not prompt for a password.
>I've tried using .shosts and also the authorized_keys files,
>but neither seem to work. Is there anyway to modify the
>rsh or ssh commands th
On Sat, Apr 07, 2001 at 08:00:19PM +0100, L. Cranswick wrote:
> FTP and Rsync via SSH to update files - how many users do this?
> I don't think I have persuaded one person to do this - they all
> think it too inconvenient - too much new stuff to learn - and it
> takes discipline to stick with it.
Rob,
Thanks for the explanation!
Randy Kramer
Rob Russell wrote:
> chroot is the act of changing the root directory of a filesystem as it
> appears to the process. (man 1 chroot)
>
> So, if I make an [x]inetd entry that calls "chroot /var/ssh sshd" instead
> of sshd, then when inetd passes th
On Sat, 7 Apr 2001, Randy Kramer wrote:
> I don't think our descriptions are very different, but why, once you
> create the account with restricted file permission is it called
> "chrooted" -- does the user of the account think it's a root account, or
> is it just that it's his "root" account, as
On Sat, 7 Apr 2001, L. Cranswick wrote:
> > So I recompiled OpenSSH to use a different port, and have a different name
> > (BrokenSSH, or "bs" for short). I installed it on the receiving box in a
> > chrooted environment, configured its sshd_config and ran it thorugh tcp
> > wrappers so that onl
Lachlan,
Thanks for the further response!
L. Cranswick wrote:
> (Sorry for previous Emails dated 1991 -
No problem!
> On a general discussion on using a passphrase/password based approach:
> A silly question from me. Why would you need both a public file
> and a passphrase?
As I understan
>
> > Indeed, the biggest reason to use an external ssh program is that it
> > makes security updates *someone else's* problem -- ideally someone who
> > cares and/or is good at it. ("Put all your eggs in one basket and
> > *watch that basket*" :-) Seriously, when an ssh bug comes up (and more
>
> Thanks for the response! I haven't tried it yet, but does ssh with a
> passphrase address your concern? If somebody steals your private key
> can it be used without the passphrase?
(Sorry for previous Emails dated 1991 - have to do this to
run an old freeware DOS scientific analysis program
On 7 Apr 2001, Mark W. Eichin wrote:
> Indeed, the biggest reason to use an external ssh program is that it
> makes security updates *someone else's* problem -- ideally someone who
> cares and/or is good at it. ("Put all your eggs in one basket and
> *watch that basket*" :-) Seriously, when an s
> >As for implementing ssh inside of rsync, I'd like to continue to reiterate
> >what a bad idea I think that is. Security is enough pain without worrying
Indeed, the biggest reason to use an external ssh program is that it
makes security updates *someone else's* problem -- ideally someone who
ca
Lachlan,
Thanks for the response! I haven't tried it yet, but does ssh with a
passphrase address your concern? If somebody steals your private key
can it be used without the passphrase?
Thanks,
Randy Kramer
PS: Thanks for the discussion. From what you've said and other things
I've heard befo
>Not fully understanding the ramifications of chroot (as a Linux newbie)
>I don't really know whether limiting someone's access by chrooting is
>any more effective than limiting his access based on privileges provided
>to his account.
Re: rsync, ssh, security and keeping hackers out. (just my
Hello Lachlan,
Lachlan Cranswick wrote:
> (Before waffling on a side tracked issue - there is still a
> request for good web based passwordless ssh tutorials)
I don't really have anything to offer -- I learned some about public /
private key systems over a lot of years starting with a signature
>As for implementing ssh inside of rsync, I'd like to continue to reiterate
>what a bad idea I think that is. Security is enough pain without worrying
>about every program carrying its own security model and implementation (and
>possible exploits).
What if such a feature was an optional module t
c could
>> >override your other system authentication, then you'd have a different
>> >problem. :)
>> >
>> >If you do want to ssh without a password, you should look into sshagent,
>> >or the ability to create a key with no password and use of an
On Fri, Apr 06, 2001 at 09:33:04PM -0400, Randy Kramer wrote:
> Now, I may be wrong in my understanding, but, for a moment, please
> assume I'm right. If I am right, and the security provided by a
> passwordless ssh connection is just as good as, for example, PGP (assume
> I'm right about that to
you do want to ssh without a password, you should look into sshagent,
> >or the ability to create a key with no password and use of an
> >authorized_keys file. Get this to work with ssh before trying it with
> >rsync.
> >
> >-drew
> >
> >--
> >M. Dr
ith ssh before trying it with
>rsync.
>
>-drew
>
>--
>M. Drew Streib <[EMAIL PROTECTED]>, http://dtype.org
>
>"Email sigs waste valuable bandwidth."
>
>Attachment Converted: C:\Eudora\Attach\Re password prompts
>
---
Lachlan M. D. Cra
On Fri, Apr 06, 2001 at 05:42:25PM -0600, David Salisbury wrote:
> Is there a way to have rsync not prompt for a password.
> I've tried using .shosts and also the authorized_keys files,
> but neither seem to work. Is there anyway to modify the
> rsh or ssh commands that rsync uses?
I assume you
25 matches
Mail list logo
