Re: ssh-decrypt

To: Pawel Krupinski <pak76_ml@yahoo.co.uk>
Subject: Re: ssh-decrypt
From: Darren Tucker <dtucker@zip.com.au>
Date: Fri, 17 Nov 2006 09:27:59 +1100
Cc: openssh-unix-dev@mindrot.org
Pawel Krupinski wrote:
> One of the problems we are facing is secure storage of
> passwords (database, bestcrypt, other
> applications/systems, …) and availability within
[...]
> I'm using ssh agent currently just to manage my keys
> and practically they are used only to provide me with
> SSO to other ssh based systems. Why not use these keys
> (or a separate ssh key pair) to protect passwords to
> things such as database? 

Don't forget that the agent functionality is available on any host that 
you have logged onto with agent forwarding enabled, so anyone 
controlling any one of those hosts can use your agent to decrypt your stuff.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
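
To see which hosts the exposure described in the reply applies to, the following added example (not part of the original post or of OpenSSH) works out from an ssh_config text whether ForwardAgent is in effect for a given hostname. The sample configuration, the hostnames and the function names are constructed for illustration, and Match blocks are assumed absent and are not evaluated.

```python
import fnmatch

# Constructed sample client configuration (not taken from the post).
SAMPLE_CONFIG = """\
Host bastion.example.org
    ForwardAgent yes

Host *.lab.example.org !build.lab.example.org
    ForwardAgent=yes

Host *
    ForwardAgent no
"""

def host_line_matches(patterns, hostname):
    """ssh_config(5) Host rule: a positive pattern matches and no negated one does."""
    positive = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(hostname, pat[1:]):
                return False  # a negated match excludes the host from this block
        elif fnmatch.fnmatchcase(hostname, pat):
            positive = True
    return positive

def agent_forwarded(config_text, hostname):
    """True if the first ForwardAgent value that applies to hostname is not 'no'."""
    applies = True  # options before the first Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()  # "Keyword=value" is also legal
        if not parts:
            continue
        keyword, args = parts[0].lower(), parts[1:]
        if keyword == "host":
            applies = host_line_matches(args, hostname)
        elif keyword == "match":
            applies = False  # assumption: Match blocks are not evaluated here
        elif keyword == "forwardagent" and applies and args:
            return args[0].lower() != "no"  # first obtained value wins
    return False  # OpenSSH default is ForwardAgent no

def exposed_hosts(config_text, hostnames):
    """Hosts on which a forwarded agent would be reachable after login."""
    return [h for h in hostnames if agent_forwarded(config_text, h)]
```

Every hostname returned by `exposed_hosts` is a machine whose administrators could ask the agent to perform key operations while the session is open.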
