Your only real option at this stage is look at hardware key storage such
a a yubikey. This means that key material can't be removed but you can
still auth to the backed up systems via the hardware key. This limits
the attack to being started from the system with the hardware module,
this only moves
lanceh1412-busin...@yahoo.co.uk schrieb am 28.07.2016 um 16:01:
> I'll have a go at that. It looks like it'll make work harder for the enemy!
>
>
Here's another possibility
https://sdeziel.info/backuppc/index.html
I mean the restriction per wrapper script and/or ip within
.ssh/authorized_keys:
If an attacker has physical access to your system, you lose. That's why
data centers and computer rooms in large companies have keycard access,
locked racks, and video monitoring.
The best defenses against someone with physical access are a bios
password, which will at least force them to shu
It is quite easy to reset your user password in ubuntu if you have physical
access to the machine. See https://help.ubuntu.com/community/LostPassword. This
is why I wanted to encrypt the ssh keys. That way if someone resets the
password they can't access the keys.
On Thursday, 28 July 2016
I'll have a go at that. It looks like it'll make work harder for the enemy!
On Thursday, 28 July 2016, 14:38, Carl Wilhelm Soderstrom
wrote:
On 07/28 01:01 , lanceh1412-busin...@yahoo.co.uk wrote:
> I hadn't really thought about the danger from a restore. I guess that would
> require q
On 07/28 01:01 , lanceh1412-busin...@yahoo.co.uk wrote:
> I hadn't really thought about the danger from a restore. I guess that would
> require quite a bit of technical knowledge of backuppc to engineer an attack
> on a server? It would require significantly less knowledge to steal the ssh
> key
"if someone had physical access to backuppc server they could easily
logon as backuppc user by resetting the password"
How would that work? Unless you leave the backuppc user logged in, they
would still need to either know the password or use some sort of hack to
get access before being able
I hadn't really thought about the danger from a restore. I guess that would
require quite a bit of technical knowledge of backuppc to engineer an attack on
a server? It would require significantly less knowledge to steal the ssh keys
on an unencrypted server and then have root access.
On
On 07/28 10:53 , lanceh1412-busin...@yahoo.co.uk wrote:
> Just trying to harden security. My concern is if someone had physical access
> to backuppc server they could easily logon as backuppc user by resetting the
> password and therefore gain access to the ssh keys. Now I see it is possible
> t
Hi,
Just trying to harden security. My concern is if someone had physical access to
backuppc server they could easily logon as backuppc user by resetting the
password and therefore gain access to the ssh keys. Now I see it is possible to
put the ssh keys in an encrypted private directory (See
E
10 matches
Mail list logo
