[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cryptic netcat

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: cryptic netcat
From: Alexander Bochmann <bochmann_(_at_)_FreiNet_(_dot_)_de>
Date: Wed, 4 Oct 2000 17:11:14 +0200

...on Tue, Sep 26, 2000 at 11:46:40AM +0100, John Wright wrote:

 > On Tue, Sep 26, 2000 at 11:44:06AM +0200, Alexandre Dulaunoy wrote:
 > > On Tue, 26 Sep 2000, John Wright wrote:
 > > > On Mon, Sep 25, 2000 at 03:25:05PM -0300, Rafael Coninck Teigao wrote:
 > > > > You could make an encrypted tunnel with ssh.
 > > > The difference being that you need a login on the destination box.
 > > That's not true, you can keep key with ssh-agent and using standard script
 > > with scp & so on without typing any password. (i use it everyday). 
 > No.  It is true.  You *have* to login to another box.  ssh-agent just means
 > you don't have to enter a password or passphrase.  I use ssh-agent too.  

Create a new ssh identity with an empty passphrase and put the 
public key in the authorized_keys on the destination machine.

use ssh -i ~/.ssh/key -o BatchMode=yes remotehost

You will not be asked for a passphrase and you don't need ssh-agent 
(if you can live with unprotected keys).

I think the risk is acceptable with restricted-use logins that 
for example just run a specific program (man sshd and look for 
the options in authorized_keys).

Alex.

Prev by Date: Re: Detecting portscans
Next by Date: Re: Generic TCP Proxy - found!
Previous by thread: [FAQ?] question regarding cvs
Next by thread: Need help. ProxyARP? Other better way?
Index(es):
- Date
- Thread

Visit your host, monkey.org