Aldo Foot wrote:
I wouldn't say it's not a big risk - more like it is a risk that you
have to manage by controlling access to the account where the keys are
readable - and physical access to the media where they are stored.
Controlling access to the media storing the keys and accounts is of my
greatest
concern in particular if the system is located in some other city and
someone
else admins the machine.
Maybe I'm too paranoid.
No, it is good to be paranoid. Remember that it is really the same as
giving control of the targets to the account that controls the keys. It
may be worth doing all scripted commands from a different, well
protected host and account even if you have to copy some files twice to
get them where you want them.
--
Les Mikesell
lesmikesell@xxxxxxxxx
