[clug] Wanted: Developer to securely implement a restricted SSH shell

steve jenkin sjenkin at canb.auug.org.au
Mon Jan 4 23:29:48 MST 2010

Nathan O'Sullivan wrote on 5/01/10 9:32 AM:
>> Looking at your web specs, as a client I'd be uneasy about using a CGI
>> to upload a public SSH key. Even if the key isn't munged in some way,
>> how do I know that it isn't swapped and someone else is accessing my
>> DomU?
> If you do not trust $PROVIDER to do the simple task of writing a file to
> disk, would you trust them to reliably host a Xen domU for you?

Not my point - I might trust $PROVIDER, but still feel uneasy using a CGI.

What if Evil-Dude cracks CUSTOMER login can they take over their
account/assume their identity?

If they upload a bogus public SSH key (or replace an existing one), how
can you, $PROVIDER, tell?

Could be excessive paranoia :-)

More information about the linux mailing list