[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] "--askpass file" is evil!

  • Subject: Re: [Openvpn-users] "--askpass file" is evil!
  • From: Leonard Isham <leonard.isham@xxxxxxxxx>
  • Date: Fri, 3 Dec 2004 09:26:11 -0500

On Fri, 3 Dec 2004 09:15:27 -0500 (EST), awilliam@xxxxxxxxxxxxx
<awilliam@xxxxxxxxxxxxx> wrote:
> You're assumptions are ruling out legitimate use cases.  laptop?  What
> laptop?  How about connections that need to be completely automated
> because there isn't a user there to enter a passphrase?  And the system is
> mounted in a rack inside a concrete room with a locked steel door?   Of
> course you also have to pass the front desk, security cameras, and at
> night there are that those pesky door sensors hooked into the alarm
> system.
> If your argument is true then ***SSH*** is broken because you can automate
> connections with key exchanges.  All you need is to get the keys!

Thank you for pointing out the answer.  As with ssh for these
situations don't put a password on the cert.

Of course there is always the possibiility that the box is explointed
and the cert stolen...

Leonard Isham, CISSP 
Ostendo non ostento.

Openvpn-users mailing list