On Thu, May 29, 2003 at 12:12AM -0500, Jayson Vantuyl wrote:
> Question:  Can one use a key *AND* a password?  That would make me
> really happy.  I just don't like getting ahold of a file or a password
> being enough...

That's how it's done, by default. The key is encrypted on-disk, and is
only decrypted when it's used. Just getting the key doesn't do an
attacker any good without its password.

The advantage here is that all secrets are client-side. The _local_ ssh
process reads the keyfile and the password, uses the decrypted key to
decrypt a randomly-generated challenge sent by the server, and forgets
the key again. The server gets proof that the client knows the key
without ever having access to any secret, even momentarily.

So if you're using keys properly, only each admin's personal workstation
ever carries secrets. Using sudo or su, every machine involved is
vulnerable to sniffing at some point.

> Server machines, no real desktop users.  One of these was a firewall
> that pretty much only had SSH listening.  *IF* it was hacked directly
> (rather than being compromised with a sniff'd password), then we've got
> something to target.

Was it patched against the recent kernel root hole? On any unpatched
2.4.20 (or older) linux machine, user access is pretty much trivially
equivalent to root.

Jason


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to