Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
You should have a public key and a private key on the server and the public key on the remote.
That's true, but you'd still need to deal with authentication on the remote (server A) side somehow. It seems to me like PlatinumX wants to have a way to authenticate server A to server B without credentials having to reside on server A. I don't see how that could be possible. You could, however, reduce the risk by increasing your abilities to quickly detect that the credentials have been compromised (with an intrusion detection system, for example). Of course, this also implies having everything ready to revoke the credentials and respond to the security breach.
You're not going to be able to do this cleanly if Server A can not be trusted (and it sounds like that is what you are saying). What are the exact circumstances in this situation? Maybe there's a better approach to it.
1. auth keys
2. on A, create a separate user and set home dir to 700 (rwx------) to do the job
3. on B, use the options in sshd_config of : ForceCommand, Match, Allowusers, Address http://www.openbsd.org/cgi-bin/man.c...nfig&sektion=5 to lock everything down.
As an aside, very handy options. (Too bad I am not running any systems with such a recent OpenSSH. I may need to finally build openssh-portable on my FBSD 6 host.)
That's interesting, yes. I don't know when the extra facilities were added, I just assumed that it was all part of the SSH-2 standard. The oldest system I'm running at the moment is RH7.3 with OpenSSH3.5p1 and it seems to recognise the constraints.
You're not going to be able to do this cleanly if Server A can not be trusted (and it sounds like that is what you are saying). What are the exact circumstances in this situation? Maybe there's a better approach to it
Server A has not only one administrator but several to perform various tasks.
I do trust my security administrator, but not the system admin or the network admin.
But as they have root access on the server, they can access the private key or the password.
They may be able to access the private key, but they will still be restricted by the constraints that you put on that key on the remote servers, so this may not be a problem.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.