[Mimedefang] Perl Question

David F. Skoll dfs at roaringpenguin.com
Fri Dec 27 12:12:01 EST 2002


On Fri, 27 Dec 2002, Russ GilmanHunt wrote:

> echo "dude" | ssh root@mail 'cat >> /root/test'

If you're automating this, you presumably have an unencrypted secret
key on the client end, or you have an ssh-agent process running.  This
means that root on the SSH client is equivalent to root on the SSH
server, and anyone who compromises the client can compromise the
server.

If you absolutely must do something like that, you should use a
dedicated SSH key with a restricted command (see the command="command"
entry in the sshd manual) to minimize what can go wrong.  Restricting
the key to a particular IP address, and disabling port-forwarding
and X11-forwarding would also be good.

--
David "call me paranoid" Skoll
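
The restricted key described in the message above, sketched as an added example that is not part of the original post: a forced command that only appends stdin to one fixed file, plus a helper that builds the matching `authorized_keys` line. The names `append_only` and `authorized_keys_entry`, the install path `/usr/local/sbin/append-only`, the address 192.0.2.10, the 64 KiB cap and the extra `no-agent-forwarding` and `no-pty` options are assumptions; the key material is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not from the original post): server-side pieces for a
# dedicated, restricted SSH key used only by the automated job.

# Body of the forced command. Installed as a script (hypothetical path
# /usr/local/sbin/append-only) that calls: append_only /root/test
# sshd runs it whatever the client asks for; the client's request is
# exposed in SSH_ORIGINAL_COMMAND and is only logged here, never executed.
append_only() {
    target=$1
    if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
        printf 'ignored client command: %s\n' "$SSH_ORIGINAL_COMMAND" >&2
    fi
    # Cap the input so a compromised client cannot fill the disk
    # (the 64 KiB limit is an assumption for this example).
    head -c 65536 >> "$target"
}

# Build the authorized_keys line for the dedicated key: source address,
# forced command, and forwarding/pty disabled, followed by the public key.
authorized_keys_entry() {
    client_ip=$1 forced_cmd=$2 pubkey=$3
    # Accept only characters that can appear in an IP address or CIDR.
    case $client_ip in
        ''|*[!0-9a-fA-F.:/]*) echo "bad client address" >&2; return 1 ;;
    esac
    # A double quote would end the command="..." option early.
    case $forced_cmd in
        *\"*) echo "forced command must not contain quotes" >&2; return 1 ;;
    esac
    printf 'from="%s",command="%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s\n' \
        "$client_ip" "$forced_cmd" "$pubkey"
}

# Constructed sample: print the line to place in /root/.ssh/authorized_keys.
authorized_keys_entry 192.0.2.10 /usr/local/sbin/append-only \
    'ssh-ed25519 AAAA_CONSTRUCTED_PLACEHOLDER automation@client'
```

With this entry in place, the client's `'cat >> /root/test'` argument no longer matters: whatever command the key holder sends, the server runs only the forced command.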


