Let's put it that way ... if an attacker is able to get
the Public-Key-Pairs of the machines, he'll be able to
get the password from the script as well. If the boxes
are locked-down via firewalls to the outside world, and
have good security measures physically, having the
password in a file is no safer than the public key pair
method.
[edit]
If you're adamant that Public Keys are not an option,
have a look at Perl and get Net::SCP::Expect from CPAN.
Personally I'd prefer the public-key method because
that way the attacker won't be able to figure out how
you chose passwords as a rule of thumb. Reconsider
your approach :) ... should I ask another mod to move
this thread to the security forum instead? I don't think
that the scripting should be your primary concern here.
[/edit]
Cheers,
Tink
Last edited by Tinkster; 03-18-2005 at 12:48 PM.