Re: scp scripting question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On 10/12/2012 01:56 PM, Les Mikesell wrote:
> On Fri, Oct 12, 2012 at 3:44 PM, Nux! <nux@xxxxxxxxx> wrote:
>>
>> Yep, exactly right. People in #openssh confirmed -i HAS to be a real
>> path to a file.
>
> Not very unix-like behavior...

Yes, it is.  The alternative is for -i to take a file or a key as an 
argument, and that leads to ambiguous behavior.

I would offer that the behavior of zsh in Mark's request is neat, but 
not great security.  The content of the private key on a remote machine 
is being written to the local machine's /tmp filesystem.  Read 
permission will be limited to the user running zsh, so it's not super 
horrible (and I'm guessing that zsh uses O_EXCL to prevent race 
conditions that would expose the key).  All the same, I keep my keys in 
an encrypted volume because they grant me access to my customer's 
systems.  The idea of writing them to a filesystem that's not encrypted 
is just creepy.


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux