Educause Security Discussion mailing list archives
Re: Looking for SSH/SCP/SFTP/FTP client that does not store passwords
From: "F.M. Taylor" <fmtaylor () PURDUE EDU>
Date: Thu, 18 Jun 2009 11:08:14 -0400
Ignore the client (except for that cleartext thing, that is just wrong) put the enforcement on the server. ln -s /dev/null ./.ssh/authorized_keys might work, haven't tried it. You may need to change the anal retentiveness of the sshd server in regards to file permissions. Doesn't do anything for root users, but that is a whole other can of worms. Thats just the first thing that springs to mind, others may have better solutions. On Thursday 18 June 2009, Gary Flynn formed electrons in this pattern:
Hi, Anyone know off the top of their head of an SSH/SCP/FTP/SFTP client that can be configured and distributed in a way that won't allow server/password pairs to be stored? FileZilla is being proposed but not only does it store by default but it also stores in cleartext. Given the recent malware that used locally stored FTP passwords to compromise web sites and the long history of stored SSH keys being used to leapfrog into systems, I'd prefer to use a client with more sane and conservative settings and features on desktops of web publishers and system administrators.
-- ......\\|//........^^^^^........)))((........%%%%%........,,,,,...... ......(- -)........(o o)........(- o)........(0-0)........(* *)...... +--ooO-(_)-Ooo--oo0-(_)-0oo--ooO-(_)-Ooo--oo0-(_)-0oo--ooO-(_)-Ooo--+ | F.M. (Mike) Taylor........'Recedite, plebes! Gero rem imperialem!'| | 'Ecce potestas casei'..............GIAC GSEC & GCFW Certified.....| | Desk: 765-494-1872.....................C: 765-409-8140............| +-------------------------------------------------------------------+
Current thread:
- Re: Looking for SSH/SCP/SFTP/FTP client that does not store passwords F.M. Taylor (Jun 18)