Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > secureshell > 02 > 120098.html (Request Expert securityfocus.com Support)

RE: How to forbid empty passphrases?

From: Dillenbourg Jean (FETA) <J.Dillenbourg(at)firsteuro.com>
Date: Mon Dec 02 2002 - 03:49:57 EST


Hi,

Let's have an exemple. You have a server in a DMZ which have to be synchronized with a server in you LAN. You can use th rsync command to do this, but don't forget ther is an ouput and an input on these server. So u have to write a script. You want to work with ssh to encypt the data, and so the only open port between the LAN and the DMZ is 22, which is sense sensitive on the firewalls. The script MUST runn, even if the system reboot during the night, when you are sleeeping. Working wih an empty passphrase allow you to create a tunnel ssh, even if you have a rest at the boot time.

-----Original Message-----
From: Eric N. Valor [mailto:ericv@cruzio.com] Sent: Thursday 28 November 2002 05:38
To: Ben Lindstrom
Cc: Alexander.Farber@nokia.com; secureshell@securityfocus.com Subject: Re: How to forbid empty passphrases?

Feh. I've been misreading that all this time to pertain to null-passphrase keys.

In my world, NO user is permitted to have an empty password (it gets quickly replaced with a "*" and then they get the 15-minute lecture from the "Gospel of Lusers" when they come to complain). I therefore never, ever, even considered this case.

This is disappointing.

At 05:53 PM 11/27/2002 -0600, Ben Lindstrom wrote:

>On Wed, 27 Nov 2002, Eric N. Valor wrote: 

--
Eric N. Valor
ericv@cruzio.com
PGP Key 2048/1024 227B04CB
Key Fingerprint = 766C CA15 0FFF E54B 2FEE  C7D7 0F87 3AFB 227B 04CB

: This Space Intentionally Left Blank :



---------------------

An electronic message is not binding on its sender.  
Any message referring to a binding engagement must be confirmed in writing and duly signed.
---------------------



---------------------

An electronic message is not binding on its sender.  
Any message referring to a binding engagement must be confirmed in writing and duly signed.
---------------------
Received on Mon Dec 2 10:20:10 2002
Do you need help?X

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:51 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library