how to design this security demands?


sd song

Apr 26, 2017, 9:09:47 AM
to Ansible Project

A Python program P is running on server S1, listening on port 8443. Some other services can send an (id_rsa, ip) pair to P. P could use this pair and make an ssh connection to the ip (create an ssh process).

How to protect the id_rsa file even if the machine S1 is cracked? How can the root user be prevented from getting the id_rsa content (it seems ssh can use -i keyfile only)?

The main problem is that P (which calls the Ansible API to use ssh) must save the id_rsa file to the disk, so that ssh can use it to connect to the ip.

sd song

Apr 26, 2017, 9:09:55 AM
to Ansible Project

A Python program P is running on server S1, listening on port 8443. Some other services can send an (id_rsa, ip) pair to P. P could use this pair and make an ssh connection to the ip (create an ssh process).

How to protect the id_rsa file even if the machine S1 is cracked? How can the root user be prevented from getting the id_rsa content (it seems ssh can use -i keyfile only)?

The main problem is that P must save the id_rsa file to the disk, so that ssh can use it to connect to the ip.
