On 18 Sep 2011, at 00:45, Reza - Voipernetics <[email protected]> wrote:
> Nope! SSH Key will not do the trick here. IF the php file is compromised or
> someone has access to it (from the terminal), then both SSH public and
> Private is also compromised. Anyone having access to your private and
> public key can easily install those on a system and have access to the target
> system. When you do SSH Key authentication between two machines (at the
> bash level) etc., normally a challenge phrase is not included, otherwise you
> get asked for the challenge phrase every connection. Yes, you can write a
> script to transmit that challenge key as well - but that defeats the purpose
> as you would need to hard code or keep in a separate file a copy of the
> challenge response. And that goes back to the primary question and concern
> if files are compromised. Goes back to the chicken and egg dilemma.
>
> On that note, even with SSH Keys and Pass Phrase challenge, as long as anyone
> has access to both your pub and priv key, a brute force technique only takes
> seconds to hours, to systematically fetch the pass phrase / challenge
> response.
> /*
> Kind regards,
> Reza.*/
>
This is just to transfer recordings in one direction?
Is it from one host to one host or many to one, one to many?
> --
> *
> *FOUNDER & SR. TELECOM ANALYST*
> /VOIPERNETICS COMMUNICATIONS <http://www.voipernetics.com/>/*
> NATION WIDE DIDS, SIP TRUNKS & VOIP 911.
> PARTIAL / FULL VIRTUAL PRI - NO CONTRACTS!
> HOSTED PBX & TERMINATION SERVICES.
> TEL: 647-476-2067
>
> Brian Chamberlain wrote the following on 9/17/2011 7:30 PM:
>> On 18 Sep 2011, at 00:22, Reza - Voipernetics wrote:
>>
>>> We've written some codes for a client that does call recording and
>>> archiving, and within the application is hardcoded an alphanumeric ssh
>>> login and password. We tried to encrypt and obfuscate our PHP codes
>>> using:
>>>
>>> SourceGurdian
>>> ionCube
>>> and good old Zend encoder!
>>>
>>> These obfuscations were reverse engineered and un-obfuscated online by free
>>> apps such as dezender ionCube Decrypter and few other open source freely
>>> available tools.
>>>
>>> At this stage, because the login data is critically sensitive, I am willing
>>> to go as far as installing some sort of encrypter that depends on
>>> installing an Apache module - versus stand alone obfuscation techniques and
>>> software.
>>>
>>> Any suggestions and advise is welcome.
>>> Thank you.
>>>
>>
>>
>> SSH keys instead of auth?
>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [email protected]
>>> For additional commands, e-mail: [email protected]
>>>
>> Brian Chamberlain
>>
>> I.P. Telecom Limited
>> Unit 9a Plato Business Park
>> Blanchardstown
>> Dublin 15
>>
>> Tel: +353 1 6877777
>> Mobile: +353 86 3883003
>> Email: [email protected]
>>
>> http://www.iptel.co
>> http://www.iptelecom.ie
>> http://www.hostedpbx.ie
>>
>>
>> **** Please email [email protected] or [email protected] to ensure any
>> support query is dealt with quickly ****
>>
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
