[rancid] Re: Rancid and cisco 'autocommand' users?

Jeffrey C. Ollie jeff at ocjtech.us
Wed Apr 25 22:33:48 UTC 2007


On Wed, 2007-04-25 at 15:19 -0700, Russell Jackson wrote:
> 
> Only the public key is stored on the remote end. Stealing it would gain an attacker
> nothing; in fact, you could store the public key on a web site or broadcast it over email
> safely. With public key authentication, neither the passphrase nor the private key is ever transmitted
> across the wire.

But the private key must be stored unencrypted on the host running
rancid, or rancid needs to know the passphrase to decrypt the private
key.  Not that much better than storing the unencrypted password on the
host running rancid.  As John Heasley said above, there are tradeoffs to
be made if you want things automated.

Jeff
