Re: [SAGE] The danger of SSH keys..

On Mon, Jan 22, 2007 at 08:11:48AM -0800, Dana Quinn wrote:
> Make it so people only have access to a keygen binary that requires a
> password. I'm aware of a large company that does this fairly
> successfully. Could get unwieldy as you need to cover all the
> possible OSs that people might use to generate...

My perspective may be warped beyond any rational expectation here, but
that doesn't seem plausible. For example, I run FreeBSD on my laptop,
and generally track both STABLE & CURRENT (on different slices) on a
(usually) daily basis. And I keep a private mirror of the FreeBSD CVS
repository on the same laptop (also updated on the same basis).

Point is, I don't normally keep the binaries longer than a day before
they're rebuilt anyway. And I control what binaries run on my
(personal) laptop, and I control what sources are used to build the
binaries....

Peace,
david
--
David H. Wolfskill david@catwhisker.org
Believe SORBS at your own risk: 63.193.123.122 has been static since Aug 1999.
See http://www.catwhisker.org/~david/publickey.gpg for my public key.