[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] safety with scp



Dirk Schreiner said:
> And you can run specific commands using the Key.
> (and only  them.)
>
> And you can delete the Public-Key on the Server any time.
> (What you should do if ya Laptop is stolen.)
>
> You can use multiple Keys with multiple Passphrases on a single (shared)
> Account. (No shared Password!)
>
> And last but not least: There is something called scponly.
> Works like a charm ;-))

And you can create a separate "upload" user with a restricted shell
on the server, that only allows execution of scp (and e.g. a chmod).
Then even with a stolen laptop/private key, the attacker has only
limited access to the server and can't compromise your normal user
account that easy.


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here