Re: Looking for SSH/SCP/SFTP/FTP client that does not store passwords

["F.M. Taylor" <fmtaylor () PURDUE EDU>]

Ignore the client (except for that cleartext thing, that is just wrong) put 
the enforcement on the server.

ln -s /dev/null ./.ssh/authorized_keys

might work, haven't tried it.  You may need to change the anal retentiveness 
of the sshd server in regards to file permissions.  Doesn't do anything for 
root users, but that is a whole other can of worms.

Thats just the first thing that springs to mind, others may have better 
solutions.

On Thursday 18 June 2009, Gary Flynn formed electrons in this pattern:
> Hi,
>
> Anyone know off the top of their head of an SSH/SCP/FTP/SFTP client
> that can be configured and distributed in a way that won't allow
> server/password pairs to be stored?
>
> FileZilla is being proposed but not only does it store by default
> but it also stores in cleartext.
>
> Given the recent malware that used locally stored FTP passwords
> to compromise web sites and the long history of stored SSH keys
> being used to leapfrog into systems, I'd prefer to use a client
> with more sane and conservative settings and features on desktops
> of web publishers and system administrators.



-- 
......\\|//........^^^^^........)))((........%%%%%........,,,,,......
......(- -)........(o o)........(- o)........(0-0)........(* *)......     
+--ooO-(_)-Ooo--oo0-(_)-0oo--ooO-(_)-Ooo--oo0-(_)-0oo--ooO-(_)-Ooo--+
| F.M. (Mike) Taylor........'Recedite, plebes! Gero rem imperialem!'|
| 'Ecce potestas casei'..............GIAC GSEC & GCFW Certified.....|
| Desk: 765-494-1872.....................C: 765-409-8140............|
+-------------------------------------------------------------------+