semat wrote:
That depends on the situation. The private keys are on the SSH client machine, so if that is more secure than the SSH server, the setup is more secure than with passwords being on the server.
We have lost the point here. <<<---- L O O K
Are both of these machines behind the firewall? Do we assume that the attacker knows about this script and his only purpose is find this script in hopes that it has a plain text password in it? If this data is that sensitive it should NOT be transfered through the internet in the first place. If it is a intranet transfer and there is that much concern about security I would use some other (more secure) means of transfer and find out who the attacker is and have appropriate action taken against this individual (dismissal). -- Ken Schneider Senior UNIX Administrator Network Administrator Security Manager kschneider@rtsx.com