On Tue, 20 Jun 2000, Darren Reed wrote:
> If an sshd is compromised and password authentication is used then the
> password is as good as stolen (if PasswordAuthentication is enabled).
Yes.
> If RSAAuthentication is being used, is the key phrase associated with
> the local ssh at risk (apart from MitM attachs) if a remote sshd is
> compromised ?
No, the key-phrase is only used by the local ssh to unlock the local
rsa-key and it is therefore never transmitted over the wire.
/MaF
- Comrpromised sshd. Darren Reed
- Martin Forssen
