[TriLUG] copying files

David Both dboth at millennium-technology.com
Fri Jun 22 16:13:04 EDT 2012


Even if the black hats have the public key they can do nothing with it. They 
cannot recreate the private key from it and they cannot use the public key to 
initiate a conversation with the server or any other client using the same 
public key. The only way to initiate a conversation is from the ONE host 
(Server) with the private key to any host with the public key. You do not even 
need to have a different PPKP for each client, as the same public key will work.

It is therefore completely irrelevant whether anyone has the public key, which 
is why it is called the **public** key.

And the best part is that a PPKP with a null passphrase is considered more 
secure than a remote login with a standard password.

On 06/22/2012 03:54 PM, Joseph Mack NA3T wrote:
> On Fri, 22 Jun 2012, Bill Farrow wrote:
>
>> On Fri, Jun 22, 2012 at 2:13 PM, Joseph Mack NA3T <jmack at wm7d.net> wrote:
>>> I like this. With Bill's way, if the box doesn't phone home, I don't know if
>>> it's lost power, has been run over by a pick-up truck, is safely on a shelf
>>> back in the office, or is being disassembled in the basement of a TriLUG'er.
>>
>> I don't understand.  You're saying that if the client box is unable to
>> connect to the server that you will have more luck getting the server
>> to initiate the connection back to the client... ?!?
>
> no. If the public key is on the client and I can't locate the client, then I 
> care if the wrong person has the key that's on the client. I don't have to 
> worry about deleting the key on the server.
>
>>> maybe I will need a vpn after all. That will allow the server to connect to 
>>> the client inside the vpn.
>>
>> And we are back to the situation where the client box has a security
>> key without a passphrase for the VPN.  The client box still needs to
>> make the VPN connection to the server, so we end up back at the same
>> situation as the rsyncd method.
>
> yes.
>
>> I would still recommend the rsyncd method: simple, robust, and your
>> server remains reasonably secure.
>
> it looks that way. I've been wrong enough before in this thread, that I'm 
> going to wait a bit before I say "I'm sure".
>
> Joe
>



-- 


*********************************************************
David P. Both, RHCE
Millennium Technology Consulting LLC
919-389-8678

dboth at millennium-technology.com

www.millennium-technology.com
www.databook.bz - Home of the DataBook for Linux
DataBook is a Registered Trademark of David Both
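The thread turns on where a passphrase-less key pair lives and what the holder of the public half can do with it. As an added example, not part of this post or of any TriLUG setup, here is a small Python audit of an OpenSSH authorized_keys file (on whichever host holds the public key) that computes each key's SHA256 fingerprint, as ssh-keygen -l reports it, and flags entries that are not pinned with OpenSSH's from= and command= options, the usual way to limit what a null-passphrase key can be used for. The key bytes, address and command path are constructed for the example.

```python
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256")

def parse_options(text):
    """Split the authorized_keys option field on commas, ignoring commas inside "..."."""
    opts, cur, quoted = {}, "", False
    for ch in text + ",":  # the trailing comma flushes the last option
        quoted ^= ch == '"'
        if ch == "," and not quoted:
            key, _, val = cur.partition("=")
            if key:
                opts[key] = val.strip('"')
            cur = ""
        else:
            cur += ch
    return opts

def parse_line(line):
    """Return (options, key_type, fingerprint, comment), or None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    # Quoted options may contain spaces, so locate the key-type token instead of splitting.
    hits = [i for t in KEY_TYPES for i in [line.find(t + " ")] if i == 0 or (i > 0 and line[i - 1] == " ")]
    if not hits:
        raise ValueError("no recognised key type: " + line)
    idx = min(hits)
    fields = line[idx:].split(None, 2) + ["", ""]  # pad so a missing comment reads as ""
    key_type, blob, comment = fields[0], base64.b64decode(fields[1], validate=True), fields[2]
    # The blob opens with a length-prefixed type string that must match the text field.
    if blob[4:4 + struct.unpack(">I", blob[:4])[0]] != key_type.encode():
        raise ValueError("key blob does not match declared type " + key_type)
    fp = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return parse_options(line[:idx].strip()), key_type, fp, comment

def audit(text):
    """List (comment, fingerprint, restricted); restricted means from= and command= are both set."""
    return [(comment, fp, "from" in opts and "command" in opts)
            for opts, _, fp, comment in filter(None, map(parse_line, text.splitlines()))]

# Constructed sample: 32 predictable bytes stand in for a real ed25519 public key.
FAKE_KEY = base64.b64encode(struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))).decode()
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed sample, not a real authorized_keys file",
    f'from="192.0.2.10",command="/usr/local/bin/backup-only",no-pty ssh-ed25519 {FAKE_KEY} backup@server',
    f"ssh-ed25519 {FAKE_KEY} unrestricted@server",
])
```

Running audit() over a real file lists every deployed key's fingerprint, so a key found on a lost box can be matched and removed by fingerprint rather than by guessing which comment it carried.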