DPythOS 0.0 released
Luke Kenneth Casson Leighton
lkcl at samba-tng.org
Tue May 14 11:26:37 EDT 2002
On Tue, May 14, 2002 at 04:30:57PM +0400, Oleg Broytmann wrote:
> On Tue, May 14, 2002 at 04:26:34PM +0400, Oleg Broytmann wrote:
> > On Mon, May 13, 2002 at 08:49:56PM +0000, Luke Kenneth Casson Leighton wrote:
> > > - all versions of ssh are non-interactive with respect to
> > > password input. i had to patch open-ssh to accept
> > > passwords on the command-line (ssh password:user at host).
> >
> > That's bad, pretty bad. Now anyone with access to /bin/ps can view
> > all passwords :(
yep!
so the solution is: don't _let_ people use the DPythOS box for
anything other than running DPythOS.
which isn't entirely a good thing :)
the other is to overwrite the args so they can't show up.
> Oops, followup to myself. Forgot to mention a solution - properly
> distribute public keys.
yes.
however, that was a little beyond my time limits to create all
the case scenarios of key management and distribution.
it's not beyond dpythos, however.
i just decided to make ssh usage a little more like telnet
usage, from the viewpoint of the DPythosTelnet class,
and left it at that.
l.
More information about the Python-list
mailing list