On Fri, May 30, 2008 at 04:51:35PM -0700, [EMAIL PROTECTED] wrote:
Yea I guess passphraseless RSA keys don't need ssh-agent. That's right. Ooops. But passphraseless RSA keys are a nice way to have cron jobs be able to move date to/from other machine. It would be a good idea to look into locking down what is possible with these keys on remote machine.
In general, I would assume this isn't possible. You could start with something like rssh, but there are still plenty of attacks. Many of the things you do to make sshd restricted make it downright unpleasant for normal use. Perhaps running another sshd in a chroot gaol would help, but remember that chroot is not imprenetrable either. David -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
