On 02.09.17 21:26, Damian Johnson wrote:
I dropped that since it posed a security issue.
Sigh... That seems a bit overzealous to me.
I'd suggest cookie authentication if you'd care to rely on file permissions rather than something you know. That'll work transparently.
I don't think I understand what exactly you are suggesting. Could you provide an example? I can currently do the following with 'arm', and want to it with 'nyx' as well:
me@mynotebook $ ssh foo@tornode foo@tornode $ sudo -u tor /usr/bin/arm
I have to enter SSH keyfile password(*) and SUDO password already, and don't want to enter yet another password for the Tor controller. Since I am the only human who can SSH to my Tor nodes, having a password in ~/.nyx/config would be a "risk" (grin) I'm perfectly willing to take.
-Ralph
(*) I'm aware of ssh-agent.