On Sun, Nov 28, 2010 at 12:51 PM, Kacper Wysocki <kacp...@gmail.com> wrote:
> On Sun, Nov 28, 2010 at 12:44 PM, Anton Löthman <takayama...@hotmail.com> wrote:
>> I'm doing some research on having the active response on a server send stuff
>> to an external firewall (juniper/cisco). Does any one of you have experience in
>> this? I guess you have to create a script in the active-response folder that
>> sshes into the machine and adds the rule.
>> Always feels kind of bad to have the password to the firewall stored in
>> clear text. But I guess it's not that big of an issue, if someone gets root
>> access to the ossec-server it's already kind of bad :)
>> Anton
>
> I'd suggest using ssh keys in scripts that use ssh. Dunno if your fw
> supports it. You avoid storing the passwords and can replace or remove
> the key at any time on the firewall
>
> --
> http://kacper.doesntexist.org
> http://windows.dontexist.com
> Employ no technique to gain supreme enlightenment.
> - Mar pa Chos kyi blos gros
>
Since the SSH keys probably wouldn't have a passphrase to use them, it's basically just as risky as having the password (IMHO).