Security Basics mailing list archives

Re: Secure FTP Client


From: "STE-MARIE, ERIC" <e.ste-marie () connexim ca>
Date: Thu, 18 Nov 2004 09:32:03 -0500

Jonathan Loh wrote:

You can try compiling the batch file, but depending on the compiler a simple
strings command may give you the password.
--- sf_mail_sbm () yahoo com wrote:

In-Reply-To: <1100597496.6629.39.camel@localhost>

Dear all,
Thank you for your replies, will try to use the different products that have
been proposed in the list.

Was just thinking about another issue, if the file transfer has to be done by
an operator (who does not need to know the password to access the FTP site),
how to prevent him from accessing the batch file (which is in clear text)...

Cheers,
Ronish




If you can program a little perl, you can always use it to program your sftp transfer along with Crypt::OpenPGP and keep the password encrypted and give THIS (the private key) password to the operator. Also, you need to make sure that gpg is not installed on that machine. To make things harder, you make sure he runs the perl script under another user id. The goal here is to prevent access to the private OpenPGP key needed to unlock the password. You then make sure this other user id's OpenPGP keys are not accessible by the operator (chmod). Also make sure that the encrypted password file is not accessible by the operator (chmod again). Then give the operator access to run the script only by sudo as the running user id. You need to protect the private key and password encrypted file to prevent the user from sending these files to another computer that has gpg installed, which would make the decrypting job easy.

This is not bulletproof, of course, but it prevents a user from accidentally viewing the password you want to protect.





--
Eric Ste-Marie
Technical Advisor
Connexim, a limited partnership of Bell Canada.

Telephone: 514-281-4333 (x.2754)


PGP ID: DE936E29
PGP Fingerprint: 7D73 2AD5 7E5A E774 6A7B  E1BA 411F 969C DE93 6E29

Attachment: signature.asc
Description: OpenPGP digital signature
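
An added example, not part of the original post: a small POSIX shell audit of the layout the message describes, checking that the private key and the encrypted password file belong to the dedicated account and carry no group or other permission bits. The account name, paths and sudoers line in the comments are assumptions for illustration.

```shell
#!/bin/sh
# Audit that secret files are private to the dedicated transfer account.
# Assumed sudoers entry (hypothetical names), so the operator can only run
# the script as that account:
#   operator ALL=(xfer) /usr/local/bin/sftp-push.pl

# mode_bits PATH -> the nine permission characters from ls, e.g. rw-------
mode_bits() {
    ls -ldn -- "$1" | cut -c2-10
}

# owner_uid PATH -> numeric uid of the owner
owner_uid() {
    ls -ldn -- "$1" | awk '{print $3}'
}

# check_secret FILE UID -> 0 only if FILE is owned by UID, has no group or
# other access, and sits in a directory that group/other cannot write to
# (a writable directory lets someone swap the file out).
check_secret() {
    cs_file=$1; cs_uid=$2
    [ -f "$cs_file" ] || { echo "MISSING  $cs_file"; return 1; }
    [ "$(owner_uid "$cs_file")" = "$cs_uid" ] || { echo "OWNER    $cs_file"; return 1; }
    case "$(mode_bits "$cs_file")" in
        ???------) ;;
        *) echo "PERMS    $cs_file ($(mode_bits "$cs_file"))"; return 1 ;;
    esac
    cs_dir=$(dirname "$cs_file")
    case "$(mode_bits "$cs_dir")" in
        ????w????|???????w?) echo "DIRWRITE $cs_dir"; return 1 ;;
    esac
    return 0
}

# audit_secrets UID FILE... -> 0 only if every file passes check_secret
audit_secrets() {
    as_uid=$1; shift
    as_rc=0
    for as_file in "$@"; do
        check_secret "$as_file" "$as_uid" || as_rc=1
    done
    return $as_rc
}

# Stand-alone use: sh audit.sh "$(id -u xfer)" /path/to/secring /path/to/pw.gpg
if [ $# -ge 2 ]; then audit_secrets "$@"; fi
```
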

