bruce <badouglas@xxxxxxxxx> writes: > However you can also mod the ssh_config (i believe) to have it auto > use the keyFile with the pub/private key to negotiate the user/passwd > process for the ssh cmd. This is useful when remotely/programatically > accessing the ssh cmdline process for running remote apps, xferring > files, etc. Programatic password-less access can be done if you carefully limit the user to be powerless and the commands that that user is allowed to execute are limited to the one command you want to run over ssh. Search for 'command="command"' in the sshd man page. > But, and in my case, once all of this is setup, and working. If hacker > guy gets in Sys1, (where Sys1/Sys2 have been setup to do pub/private > key, and the underlying Sys1/Sys2 keyfiles have been created) then > hacker guy can easily get into/access Sys2, provided they "know" the > username. That is why you generally don't want the remote systems to have access to the main server. More secure would be if you push information from the main server to the remote systems. -wolfgang -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
