-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>>>>> "vtp" == vtp <Vishwas> writes:
vtp> On Thu, 4 Dec 2003, Ganesan Kanavathy wrote:
>> Is this approach secure? Can another machine masquerade as the
>> trusted host?
vtp> YES, absolutely. You do create your key pair, and then copy
vtp> your public-key in remote account's ~/.ssh/authorized_keys
vtp> file
You can do a couple more things to ensure security:
1. Have the ssh login to an account with low privileges on the target
machine. Then if someone does manage to crack into that account they
will not be able to do much damage.
2. Permit the remote ssh to only run rsync. This is possible by
configuring a file in ~/.ssh (don't remember exactly which one
off-hand). Once done, that key will only be able to run rsync and
nothing else on the target system.
3. IIRC SSH can implement a combination of host-based and key-based
security. Only permit the client's key to login from a specific IP
address.
Regards,
- -- Raju
vtp> [snip]
- --
Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/
GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F
It is the mind that moves
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.6 and Gnu Privacy Guard <http://www.gnupg.org/>
iD8DBQE/zuwhyWjQ78xo0X8RArcpAJ9gn576rnHaXiuyX0KwFGp7VEEBqgCgiC/y
dXYv+mbhgeWu+/700C5hvGo=
=EVit
-----END PGP SIGNATURE-----
-------------------------------------------------------
This SF.net email is sponsored by OSDN's Audience Survey.
Help shape OSDN's sites and tell us what you think. Take this
five minute survey and you could win a $250 Gift Certificate.
http://www.wrgsurveys.com/2003/osdntech03.php?site=8
_______________________________________________
linux-india-help mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/linux-india-help
