[Mimedefang] Perl Question

Russ GilmanHunt rgilmanhunt at hotp.com
Fri Dec 27 12:44:01 EST 2002


Yes, and our "local" machine is behind a firewall, so to break into it
you'd have to break through another layer of security (walk up to my
desk, which is situated in a cube-farm next to three inquisitive IT
dudes.)

On Fri, 2002-12-27 at 09:11, David F. Skoll wrote:
> On Fri, 27 Dec 2002, Russ GilmanHunt wrote:
> 
> > echo "dude" | ssh root@mail 'cat >> /root/test'
> 
> If you're automating this, you presumably have an unencrypted secret
> key on the client end, or you have an ssh-agent process running.  This
> means that root on the SSH client is equivalent to root on the SSH
> server, and anyone who compromises the client can compromise the
> server.
> 
> If you absolutely must do something like that, you should use a
> dedicated SSH key with a restricted command (see the command="command"
> entry in the sshd manual) to minimize what can go wrong.  Restricting
> the key to a particular IP address, and disabling port-forwarding
> and X11-forwarding would also be good.
> 
> --
> David "call me paranoid" Skoll
It's not a bug, it's tradition!
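
The restrictions David Skoll recommends in the quoted reply (a forced command, a source-address limit, and no port or X11 forwarding) can be checked mechanically. The following is an added example, not part of the original thread: a POSIX shell check that reports which of those restrictions an authorized_keys line lacks. The function names, the sample lines, the 192.0.2.10 address and the key placeholder are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report which of the restrictions
# recommended above are absent from one authorized_keys line.
TAB=$(printf '\t')

# Print the options field with quoted values emptied, so text inside
# command="..." can never be mistaken for an option name.
option_names() {
    rest=$1 out="" inq=0 prev=""
    while [ -n "$rest" ]; do
        c=${rest%"${rest#?}"}; rest=${rest#?}    # take the first character
        if [ "$c" = '"' ] && [ "$prev" != "\\" ]; then
            inq=$((1 - inq)); out=$out$c
        elif [ "$inq" -eq 0 ]; then
            case "$c" in ' '|"$TAB") break ;; esac   # unquoted blank ends the field
            out=$out$c
        fi
        prev=$c
    done
    printf '%s' "$out" | tr 'A-Z' 'a-z'   # option keywords are case-insensitive
}

has() { case "$o" in *",$1"*) return 0 ;; esac; return 1; }

# Print the missing restrictions, space-separated; empty output means none.
missing_restrictions() {
    o=",$(option_names "$1"),"
    case "$o" in ,ssh-*|,ecdsa-*|,sk-*) o=",," ;; esac   # line starts at key type
    miss=""
    has 'command="' || miss="$miss command"
    has 'from="'    || miss="$miss from"
    if ! has 'restrict,'; then    # "restrict" in newer OpenSSH disables forwarding
        has 'no-port-forwarding,' || miss="$miss no-port-forwarding"
        has 'no-x11-forwarding,'  || miss="$miss no-X11-forwarding"
    fi
    printf '%s\n' "${miss# }"
}

# Constructed sample lines; AAAA...PLACEHOLDER stands in for real key data.
WEAK='ssh-rsa AAAA...PLACEHOLDER backup@client'
HARD='command="cat >> /root/test",from="192.0.2.10",no-port-forwarding,no-X11-forwarding ssh-rsa AAAA...PLACEHOLDER backup@client'

for line in "$WEAK" "$HARD"; do
    m=$(missing_restrictions "$line")
    echo "${m:-ok}: ${line%% AAAA*}"
done
```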