On December 24, 2020, Michael Tiernan wrote: >I've got one [user] that every 30secs launches a script that logs in, >checks a dir for files then closes. Using his unprotected key.
Do you mean an SSH key with an empty passphrase? Actually, this can be done fairly securely and is particularly good for scripting. Create a distinct key pair, with empty passphrase, and on the server side, set up authorized_keys to use a forced command (man sshd), e.g., 'command="/bin/ls myfile"'. Even if the private key is stolen, all the attacker can do is run "/bin/ls myfile" on the remote system, not a login shell. I'm not saying that Michael's user is doing it this way. :-) But it's a reasonable technique. -- Dan Barrett [email protected] _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
