[NBLUG/talk] Duplicating a server

[Chris Palmer]

Lincoln Peters writes:

> And, yes, the --password-file argument has the same problem of storing
> the password in clear text.

As does SSH key authentication, if you don't protect the private key
file with a password (and, really, even if you do).

If you want automation, there has to be a cleartext secret somewhere, in
some form.

This situation:

    $ umask 077
    $ cd
    $ mkdir secrets
    $ vi secrets/rsync-passwd
    $ ls -al secrets
    total 8
    drwx------    3 chris  chris   102 Nov 21 11:37 .
    drwxr-xr-x   70 chris  chris  2380 Nov 21 11:37 ..
    -rw-------    1 chris  chris    16 Nov 21 11:37 rsync-passwd

is pretty good, as far as it goes. rsync-passwd is as well-protected as
your private SSH key.

(Note that setting umask first, and using an interactive editor instead
of echo, is important for security -- avoiding race conditions and
attackers looking at the process table.)

> The problem is that the security chain is only as strong as its
> weakest link.  If you forget even one tiny little detail, it puts the
> entire system at risk.  So you're probably better off using SSH key
> authentication, thus avoiding the issue of passwords altogether and
> thereby eliminating several links from the chain.

I really don't think using SSH keys is much different. There is still a
stored secret; it's just bigger than your average password. The only
real difference between a password file and a cleartext private key is
that you can limit what SSH will execute when using key authentication.
(That mechanism is not foolproof either; see also sudo hijinks.)


-- 
http://www.eff.org/about/staff/#chris_palmer

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : http://nblug.org/pipermail/talk/attachments/20051121/4a41ef06/attachment.pgp