LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Linux support for ARM big.LITTLE

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

LWN.net Weekly Edition for February 2, 2012

A tempest in a toybox

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Don't use passwords for remote authentication

Don't use passwords for remote authentication

Posted Aug 26, 2008 12:24 UTC (Tue) by tialaramex (subscriber, #21167)
In reply to: Don't use passwords for remote authentication by drag
Parent article: What happened with Fedora - and Red Hat too

The ssh-in-ssh tunnel is clever (and worth recommending) but doesn't really solve my day-to-day need for the scenario I outlined. The trouble is that if you connect from A to B via commercial leased line at 2Mbit/s and want to move a large file from B to C (which is next to it in a rack and via GigE) then it will take days to move via your ssh-in-ssh trick, compared to a few minutes with some trust invested in B*. Tunnels are transparent... right up until bandwidth and latency matters.

* Of course you can conjure up solutions involving an untrusted connection directly from B to C carrying just the file contents, then verifying a checksum via the SSH tunnel and so on. But it'd take a lot of paranoia to justify actually writing scripts for that rather than just agreeing it would work in principle.

(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds