ant-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Donald <dona...@apache.org>
Subject Re: Using Ant with SSH
Date Fri, 27 Jul 2001 07:32:15 GMT
> "healey, alex" wrote:
> 
>
> > >Naah. If you use public/private key system you never have to enter a
> > >passphrase ... ever ;) I don't even know my passwords on most systems I
> >
> > have
> >
> > >accounts on because I don't need it ;)
> >
> >
> > Surely this means it is insecure or you are assuming total physical
> > security of your computer (so that it is safe to store you full
> > credentials there). All PKI systems I have used require both physical
> > "key" (disk, card, or hard drive files) and a password / passphrase
> > otherwise they aren't secure as there is nothing to stop anyone using
> > your computer to impersonate you.
> >
> > Maybe I am missing something.

Nope ;)

But I run linux and thus I have consequently learnt that once a user 
compromises a local account then it is trivial to compromise root. Once root 
is compromised they can easily compromise ssh binary. Also if they can get to 
physical location it is trivial to compromise root.

Using passworded keystores often gives people a false sense of security I 
guess and it only really protects against script kiddies. But if script 
kiddies can compromise a local account ... then you have faaar more problems 
to think about ;)

If I need to develope securely then I disconnect from network and lock it it 
behind a metal door. Unfortunately it is damn cold down there so I usually 
only do that when forced to ;)

Cheers,

Pete

*-----------------------------------------------------*
| "Faced with the choice between changing one's mind, |
| and proving that there is no need to do so - almost |
| everyone gets busy on the proof."                   |
|              - John Kenneth Galbraith               |
*-----------------------------------------------------*

Mime
View raw message