Comments on: OpenSSH Best Practices
https://pthree.org/2011/07/22/openssh-best-practice/
Linux. GNU. Freedom.
Mon, 09 Oct 2017 10:42:05 +0000

By: Sencart https://pthree.org/2011/07/22/openssh-best-practice/#comment-116032 Sat, 08 Oct 2011 07:43:41 +0000
Thanks for the post, I have searched Google and stopped here ~

By: Aaron https://pthree.org/2011/07/22/openssh-best-practice/#comment-115866 Mon, 01 Aug 2011 19:24:48 +0000
Michel- Interesting about Keychain. Still, you have to provide authentication credentials to Keychain, before you can use your keys. One way or another, you must expose some part of the security for the convenience of automation. In the case of Keychain, you are making ssh-agent available system-wide, rather than bound to the PTY. This could be dangerous if there are more than you using the system.

By: Michel https://pthree.org/2011/07/22/openssh-best-practice/#comment-115865 Mon, 01 Aug 2011 19:11:30 +0000
Great write up, but:

You can also use keychain [http://docs.funtoo.org/wiki/Keychain] instead of using a blank passphrase, even for times that one needs to automate things. And here is another good doc on key management: http://www.ibm.com/developerworks/linux/library/l-keyc/index.html

Thanks

By: Martin Paul Eve https://pthree.org/2011/07/22/openssh-best-practice/#comment-115851 Sun, 24 Jul 2011 11:05:20 +0000
Excellent post; thoroughly appreciated. Also, Marius' comment was great; thanks for that.

By: Marius Gedminas https://pthree.org/2011/07/22/openssh-best-practice/#comment-115848 Sat, 23 Jul 2011 00:26:23 +0000
About /home/user/bin/validate.sh: best make sure the user cannot overwrite it using the rsync command you expressly allow, as that'd be a cheap way of sidestepping your restrictions. The same consideration applies to /home/user/.ssh/authorized_keys as well.

By: Aaron https://pthree.org/2011/07/22/openssh-best-practice/#comment-115847 Fri, 22 Jul 2011 19:14:55 +0000
I've been debating it. If there's a need, I can certainly do it.

By: Eric Jacobs https://pthree.org/2011/07/22/openssh-best-practice/#comment-115846 Fri, 22 Jul 2011 17:01:10 +0000
Great write up on ssh client best practices. I would be interested to read your thoughts on ssh server best practices as well.
