[MacTUG] Apple Remote Desktop, security of sending unix commands

Mike Patterson mpatterson at uwaterloo.ca
Tue Oct 11 16:05:17 EDT 2016


As long as you're not using <= 10.4.10 still. :-)

Honestly, *for service accounts*, storing passwords in plaintext in your script would be ok too (although better would be to store the password in a separate file, then you can check your script into source control somewhere). We routinely do this, although the systems upon which credentials get stored are restricted-access - the only people who have access can reset those passwords anyway, so YMMV. But if it would ease your administration, storing service account passwords is fine.

And yeah, if server and clients are on the same subnet, you're already protected to a certain extent, provided you can trust the clients themselves. 

Mike

-- 
Mike Patterson - Manager, Information Security Operations
Information Security Services, University of Waterloo
+1 519-888-4567, x47178 / mike.patterson at uwaterloo.ca
Security Operations Centre x41125 / soc at uwaterloo.ca

> On Oct 11, 2016, at 15:54, Donald Duff-McCracken <dsmccrac at uwaterloo.ca> wrote:
> 
> It looks like most if not all of the traffic with Apple Remote Desktop is encrypted:
>  
> Apple Remote Desktop 3 uses 128-bit AES encryption to ensure that all remote
> communications are secure, even over the Internet, with client computers
> running Mac OS X v10.4.11 or later – from https://www.apple.com/euro/remotedesktop/pdf/ARD33_TO.pdf
>  
>  
> I am considering sending a unix script that would include a password to my lab machines. I would not save the script with the password – I would enter it only when I am sending the script – so there would be no viewable record of it on my computer, nor, so I think, on the client computers. The script would run (obviously) invisibly in the background with no chance of screen display on the computer.
>  
> It sounds like it would be sent – from my server to the clients on the same subnet – encrypted and so I should not be fretting over this. Am I missing anything?
>  
>  
> ------------------------------------
> Donald Duff-McCracken 
> Technical Services Manager
> Mapping, Analysis & Design
> Faculty of Environment
> University of Waterloo
> (519) 888-4567 x32151
> https://uwaterloo.ca/environment-computing/about/people
> ------------------------------------
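
The separate-file approach suggested in the reply above, as a POSIX shell helper that refuses to use a credential file unless access to it is actually restricted. This is an added example, not code from the thread; the function name `read_secret` and the path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). read_secret and all paths are hypothetical.
# Prints the first line of a credential file, but only if the file is a regular
# file, owned by the caller, unreadable by group/other, and not tracked by git.
read_secret() {
    file=$1
    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "read_secret: $file is missing, not a regular file, or a symlink" >&2
        return 2
    fi
    # `ls -ln` is used because stat(1) flags differ between macOS and Linux.
    meta=$(ls -ln -- "$file" | awk '{ print substr($1, 1, 10) ":" $3 }')
    mode=${meta%%:*}
    owner=${meta#*:}
    case $mode in
        -r[w-]-------) ;;   # 0400 or 0600 only
        *) echo "read_secret: $file has mode $mode, want 0600 or 0400" >&2
           return 3 ;;
    esac
    if [ "$owner" != "$(id -u)" ]; then
        echo "read_secret: $file is owned by uid $owner, not the caller" >&2
        return 4
    fi
    # The point of a separate file is that the script can be committed and the
    # secret cannot, so refuse a secret file that git is tracking.
    if command -v git >/dev/null 2>&1 &&
       git -C "$(dirname "$file")" ls-files --error-unmatch \
           -- "$(basename "$file")" >/dev/null 2>&1; then
        echo "read_secret: $file is tracked by git" >&2
        return 5
    fi
    secret=
    IFS= read -r secret < "$file" || true   # tolerate a missing final newline
    if [ -z "$secret" ]; then
        echo "read_secret: $file is empty" >&2
        return 6
    fi
    printf '%s\n' "$secret"
}

# Usage in the committed script (path is a placeholder):
#   PASS=$(read_secret /path/to/service-account.pass) || exit 1
# Hand "$PASS" to the consuming tool on stdin or via a file descriptor rather
# than as a command-line argument, which other local users can see in `ps`.
```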



