[Gllug] ssh authentification

Bruce Richardson itsbruce at uklinux.net
Thu Jul 27 18:12:38 UTC 2006

On Thu, Jul 27, 2006 at 06:09:32PM +0100, - wrote:
> On 7/27/06, Ryland, Peter <peter.ryland at squaregain.co.uk> wrote:
> >You could also ask apache to run an arbitrary command to ascertain the
> >password, so all sorts of things are then possible.
> Oh, agreed. But the basic principle remains the same. If Apache is
> capable of getting at the private key without user interaction, then
> so is an attacker that has managed to get local shell access.

They would also need root access, if you've configured the system


I must admit that the existence of Disneyland (which I know is real)
proves that we are not living in Judea in AD 50. -- Philip K. Dick
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20060727/3b5aa95b/attachment.pgp>
-------------- next part --------------
Gllug mailing list  -  Gllug at gllug.org.uk

More information about the GLLUG mailing list