[CentOS] scp scripting question

Gordon Messmer yinyang at eburg.com
Fri Oct 12 22:02:05 EDT 2012


On 10/12/2012 01:56 PM, Les Mikesell wrote:
> On Fri, Oct 12, 2012 at 3:44 PM, Nux! <nux at li.nux.ro> wrote:
>>
>> Yep, exactly right. People in #openssh confirmed -i HAS to be a real
>> path to a file.
>
> Not very unix-like behavior...

Yes, it is.  The alternative is for -i to take a file or a key as an 
argument, and that leads to ambiguous behavior.

I would offer that the behavior of zsh in Mark's request is neat, but 
not great security.  The content of the private key on a remote machine 
is being written to the local machine's /tmp filesystem.  Read 
permission will be limited to the user running zsh, so it's not super 
horrible (and I'm guessing that zsh uses O_EXCL to prevent race 
conditions that would expose the key).  All the same, I keep my keys in 
an encrypted volume because they grant me access to my customer's 
systems.  The idea of writing them to a filesystem that's not encrypted 
is just creepy.




More information about the CentOS mailing list