General discussion about Chef

[chef] Re: Re: Re: Re: Re: Re: Re: `knife ssh` to multiple servers with passphrase on key


Chronological Thread 
  • From: Andrea Campi < >
  • To: " " < >
  • Subject: [chef] Re: Re: Re: Re: Re: Re: Re: `knife ssh` to multiple servers with passphrase on key
  • Date: Fri, 22 Feb 2013 21:59:55 +0100

On Fri, Feb 22, 2013 at 9:52 PM, Dan Razzell < " target="_blank"> > wrote:
Workstations are often the weakest link in the security chain.

Considering that you're now using that workstation to remotely administer multiple critical servers, it had better be the strongest link.

Fair enough. So use a firewall, antivirus, encrypt the hard drive; use it only behind a firewall; do whatever it takes.
But making security a hindrance to productivity only leads to people working around instead of towards better security.

Can in point: if "they" can read your SSH cert out of ssh-agent, "they" can just as easily install a key logger.
By not using ssh-agent, or restarting it very often, you have to type your password more often, making the system less secure.


Archive powered by MHonArc 2.6.16.

§