[Gllug] RSA or DSA
Nix
nix at esperi.org.uk
Wed May 18 12:32:34 UTC 2005
On Tue, 17 May 2005, Alain Williams moaned:

> Nah - don't need to hack the binaries or keylog or crack the comms channel.
> If they gain access to your machine when you are logged in and become you (or root),
> all that they need to do is to work out what to set $SSH_AGENT_PID and $SSH_AUTH_SOCK to
> (neither of which is difficult) then they use your active ssh-agent to log in to
> other machines without quoting a password and without knowing your passphrase.

Oooh. True. The agent necessarily doesn't have any protection against
that (nor can it without eliminating its only advantage).

> Thus being forced to quote a root password on the other box really does make
> things more difficult for them.

True (although if they can mess with your ssh-agent they can also snoop
on your pty and spy on your keyboard input ;) )

--
`End users are just test loads for verifying that the system works, kind of
like resistors in an electrical circuit.' - Kaz Kylheku in c.o.l.d.s
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug