On Sun, 2003-11-02 at 17:11, Joe Kexel wrote: <snip> > This makes a nice port forward by demand configuration. It keeps your > firewall port forwards to a minimum. Caution, if the authentication method > is compromised, the attacker literally can go to any system within your > network, or hack other sites from your SSH server. So, there is more > exposed with this, if passwords are weak. >
How good would Host-Based authentication be for this situation? My current assumptions are that it would be no-less secure than using normal passwords (and may even be more secure as RSA/DSA keys are more difficult to remember). Also if you need the port forwarding to be setup upon boot (especially at remote sites and there is a power cut etc) then Host Auth does not need to prompt for a password. Can SSH forwarding be used from a script without prompting for a password, maybe stored in a file? The project I am working on would need to setup multiple forwarding to multiple workstations at multiple sites, having the ability for this to work without passwords (but still be secure) would be really useful. If anyone is interested I will post the (very) preliminary ideas on my website. Ramiro, based on your original post I think the project I'm doing could be overkill but any thoughts you have on it would be useful to me getting a better overall feel for what features people need. Let me know and I'll post the details. Lee _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
