On Tue, 15 Oct 2002, Chris Santerre wrote: > You know I always wondered about this method. su - has you input a password. > So If a sysadmin is on a cable modem at home, logs in as normal user w/ ssh, > then does an su - and enters password, How is that any different? You are > being sniffed on the cable network.
But it is encrypted in the ssh tunnel > Keep in mind you can now sniff SSH > packets. So how could this be more secure? Randy is right (and I posted a more complete discussion elsewhere on this thread tonight -- the thread seems to have been split in two so I missed Randy's note before I wrote that.) Although you can sniff SSH packets you don't know what is in them (or do you?) There is not yet a published theoretical way to break the encryption in SSH V2.0 protocol. > So wouldn't a hacker now have > both the first user pass and the su - ? > No. Now if the cracker broke into your home PC (through a back orifice trojan for example) then Chris is right - no amount of encryption or layers of passwords do any good -- the whole lot is compromised. Encryption really only protects you from interception (sniffing) *not* local compromises. (Cue smart cards and OTP technology ....)
