hi Gustav,
> Could that be intentional? With an idea of detecting and refusing any
> automated brute force attacks on the login?
.. were not sure :-{) but AFAIK this is ! as this could only be answered by
whoever wrote sshd.. IMHO 'nope'otherwise i would not be where i am now with
the program;-)) {the wall i am hitting is my fault no one elses;} why ?as
according to the man pages ssh allows for -t switch to force ptty allocation
but have not been able to get that to work .. according to the man.. -t
Force pseudo-tty allocation. This can be used to execute arbitary
screen-based programs on a remote machine, which can be very
useful e.g. when implementing menu services. so i thought i
would try that but it is next to useless for this app and 'does not work as
implied AFAIK' > IMVHO, it's a little bit against the philosophy of strong
encryption > software systems to try to automate logins (since it will require
the > password to be stored somewhere) from script files. I *do* see the ..
well that is true; if i were storing the password in any form but the app that
i am plunking away on does not do this.. it merely asks for the passphrase and
takes it and passes it just as if a normal tty session via ssh to sshd.. at
least that is what it tries to do;-/) "It could be designed later to store the
passphrases but I have intentionally not considered this for obvious reasons
which you know as well;-)) .. the benefit of the program i am completing is
that some of the pain for repetitive ssh access is removed while the security
model used via ssh is not compromised since the program leverages ssh itself
does not store passphrases but could leverage them say with what ssh-agent
does.. which is a interesting model although i believe would be where if i
would consider ssh trojan for sure and malicious code could be injected
there IMHO anyhow.. as it does store RSA keys.. although what does the injector
get ? a DoS actually since then the RSA would not be acceptable..whereas if
sshd is compromised .. well totally diff matter. my thoughts are GPL it as that
is the best method i know of giving back to the SEC community. > benefits
of such logins. I just believe that those writing 'secure' > software will not
cross two fingers to make it possible. Probably the > other way around
this is doable i just need to get the syntax and right approach as at least
half way there using 2 different approaches both good but not good enough IMHO
anyhow;-)) anyone interested in participating on such a project let me know by
email off list first thanks! will respond when i can..
Best Regards,
[EMAIL PROTECTED]
_______________________________________________________________________
************** DREAMWVR.COM - TOTAL INTERNET SERVICES ****************
TOTAL DESIGN - DEVELOPMENT - INTEGRATION - SECURITY - Click Here..
<http://www.dreamwvr.com/services/MAX_SEC.html>
DREAMWVR.COM - The Console of Many... 90 Topics Covered
<http://www.dreamwvr.com/dynamicduo.html> <mailto:[EMAIL PROTECTED]>
->> LINUX-MANDRAKE Solution Provider and North American Distributor <<-
PRODUCT OF THE YEAR!
<http://www.dreamwvr.com/mandrake/mandrake-main.html>
"===0 PGP Key Available
*************** "As Unique as the Company You Keep." *****************
"If anyone speaks from DREAMWVR.COM its certainly not me:-)"
________________________________________________________________________
