[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Emacs RPC security

From: Ted Zlatanov
Subject: Re: Emacs RPC security
Date: Mon, 02 May 2011 20:27:03 -0500
User-agent: Gnus/5.110016 (No Gnus v0.16) Emacs/24.0.50 (gnu/linux)

On Tue, 03 May 2011 03:16:21 +0200 Lars Magne Ingebrigtsen <address@hidden> 

LMI> Ted Zlatanov <address@hidden> writes:
>> As I keep trying to explain, you don't know who is on the other end
>> because there is *no* authentication, or rather it's binary: you have
>> the shared secret or you don't.

LMI> Yes, it's like ssh + ssh-agent.  (Only without the encryption, of
LMI> course.  :-)

ssh+ssh-agent has a user name and can authenticate the host keys.  It
has many other feature server.el doesn't, so it's like only root SSH
access was ever allowed.  Most importantly, it has PPK authentication so
there is no shared secret passed around unless the server allows
password authentication.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]