[Gllug] ssh authentification

- Tethys tethys at gmail.com
Thu Jul 27 17:09:32 UTC 2006

On 7/27/06, Ryland, Peter <peter.ryland at squaregain.co.uk> wrote:

> You could also ask apache to run an arbitrary command to ascertain the
> password, so all sorts of things are then possible.

Oh, agreed. But the basic principle remains the same. If Apache is
capable of getting at the private key without user interaction, then
so is an attacker that has managed to get local shell access. If it
requires human interaction, then said attacker is probably out of
luck. Of course, the downside is that when it falls over at 3am, it
can't be started automatically, and you need to get hold of a sysadmin
to restart it. Hence my original claim that it's a perfectly sensible
decision to opt for passwordless keys. It's just a tradeoff between
security and flexibility, and the needs of the site and the
application determine which option you go for.

Gllug mailing list  -  Gllug at gllug.org.uk

More information about the GLLUG mailing list