public inbox for gentoo-user@lists.gentoo.org
From: Willie Wong <wwong@Math.Princeton.EDU>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user]  Copying a file via ssh with no password, keeping the system safe
Date: Fri, 8 Oct 2010 06:18:47 -0400
Message-ID: <20101008101847.GA8636@math.princeton.edu>
In-Reply-To: <4CAED0DE.8080609@alyf.net>

On Fri, Oct 08, 2010 at 10:05:50AM +0200, Andrea Conti wrote:
> Now, the remote sshd is never sent any information about what is
> connected to the local end of the pipe (which is not even known to
> ssh!), so there is no way to alter its behavior depending on that.
> 
> IOW, nothing in the setup you and I proposed prevents the user from
> piping an arbitrary command into ssh (or even using a ssh-invoking
> wrapper such as scp or rsync) and getting successfully authenticated on
> the server. You are only guaranteed that the server will run tar in
> place of whatever remote command the client requests, so that the
> connection will break if the client side sends non-tar data.
> 
> In my opinion this is quite different from "[allowing] only one single
> command from a single cronjob to operate passwordless", but then I might
> just be splitting hairs.

Okay, reading your explanation I agree with you on both counts: the
behaviour does not exactly fit the letter of the question, and that
you are splitting hairs because I think the behaviour is good enough
for the spirit of the message. 

Cheers, 

W
-- 
Willie W. Wong                                     wwong@math.princeton.edu
Data aequatione quotcunque fluentes quantitae involvente fluxiones invenire 
         et vice versa   ~~~  I. Newton
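
The point quoted above is that a forced command fixes what the server runs, not who or what connects with the key, so the rest of the key's options decide how much else it allows. The following lint for one authorized_keys line is an added example, not code from this thread. The function names, the sample key line and the from= check are assumptions introduced here.

```sh
#!/bin/sh
# Added example (not from the thread). Key options are matched textually, so
# an option name quoted inside a command="..." string would confuse this lint.

# Print the options field: everything before the key type, empty if none.
key_options() {
    case "$1" in
        ssh-*|ecdsa-*|sk-*) printf '' ;;
        *) printf '%s\n' "$1" |
             sed -E 's/[[:space:]]+(ssh-|ecdsa-|sk-)[^[:space:]]+[[:space:]].*$//' ;;
    esac
}

# Print space-separated findings for one authorized_keys line (empty = clean).
audit_key_line() {
    opts=$(key_options "$1")
    findings=""
    # Without command=, the key holder chooses what runs on the server.
    case "$opts" in
        command=\"*|*,command=\"*) ;;
        *) findings="$findings no-forced-command" ;;
    esac
    # command= alone does not stop forwarding or pty requests; 'restrict'
    # (OpenSSH 7.2+) turns them all off, older servers need each no-* option.
    case ",$opts," in
        *,restrict,*) ;;
        *) for o in no-pty no-port-forwarding no-agent-forwarding no-X11-forwarding; do
               case ",$opts," in
                   *,"$o",*) ;;
                   *) findings="$findings missing-$o" ;;
               esac
           done ;;
    esac
    # from= limits which client addresses may use the key at all.
    case "$opts" in
        from=\"*|*,from=\"*) ;;
        *) findings="$findings no-from-restriction" ;;
    esac
    printf '%s\n' "${findings# }"
}

# Constructed sample: forced tar command but nothing else locked down.
audit_key_line 'command="tar -xf - -C /srv/backup" ssh-rsa AAAAB3PLACEHOLDER cron@client'
```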




Thread overview: 12+ messages
2010-10-07 16:45 [gentoo-user] Copying a file via ssh with no password, keeping the system safe Momesso Andrea
2010-10-07 17:36 ` Stroller
2010-10-07 18:14 ` Willie Wong
2010-10-07 18:26   ` Willie Wong
2010-10-07 18:40 ` Andrea Conti
2010-10-07 21:59   ` Momesso Andrea
2010-10-07 22:21     ` covici
2010-10-07 22:38       ` BRM
2010-10-08  8:53         ` Neil Bothwick
2010-10-07 22:28   ` Willie Wong
2010-10-08  8:05     ` Andrea Conti
2010-10-08 10:18       ` Willie Wong [this message]
