Reza - Voipernetics wrote:
Nope! SSH Key will not do the trick here. IF the php file is
compromised or someone has access to it (from the terminal), then both
SSH public and Private is also compromised. Anyone having access to
your private and public key can easily install those on a system and
have access to the target system. When you do SSH Key authentication
between two machines (at the bash level) etc., normally a challenge
phrase is not included, otherwise you get asked for the challenge phrase
every connection. Yes, you can write a script to transmit that
challenge key as well - but that defeats the purpose as you would need
to hard code or keep in a separate file a copy of the challenge
response. And that goes back to the primary question and concern if
files are compromised. Goes back to the chicken and egg dilemma.
On that note, even with SSH Keys and Pass Phrase challenge, as long as
anyone has access to both your pub and priv key, a brute force technique
only takes seconds to hours, to systematically fetch the pass phrase /
challenge response.
Make a small HTTP API on the destination server and push whatever files
via HTTP...
--
Best regards,
Duane
http://www.freeauth.org - Enterprise Two Factor Authentication
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Global Communication for the 21st Century
"In the long run the pessimist may be proved right,
but the optimist has a better time on the trip."
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
