Re: FAS and public Key auth



On Thu May 22 2008, Mike McGrath wrote:

> Now, I've never actually done this.  It's just my understanding that it'd
> work that way.  If you had root on a box and I sshed there with my ssh
> key, would you not have access to take the key and log in to other boxes
> as me?
>
> So my question is, is this a real risk or is there a precaution in SSH
> preventing the attack I'm describing (basically a man in the middle type
> attack)

AFAIK this attack is not possible with ssh because a user signs some 
information that is unique to the current session and contains among other 
things a hash of the host key that the user wants to log in to.

Regards,
Till
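
The session binding described in the reply above, as an added example that is not part of the original message. Field layouts follow RFC 4253 section 8 (exchange hash) and RFC 4252 section 7 (data signed for publickey auth); all keys, version strings and key-exchange values are constructed, and a byte comparison stands in for real signature verification.

```python
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data

def mpint(n: int) -> bytes:
    # Positive mpint: big-endian, with a leading zero byte if the top bit is set.
    return ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))

def exchange_hash(v_c, v_s, i_c, i_s, host_key, e, f, k) -> bytes:
    # H = HASH(V_C || V_S || I_C || I_S || K_S || e || f || K); the first H of a
    # connection is its session identifier. K_S is the server's public host key.
    blob = b"".join(ssh_string(x) for x in (v_c, v_s, i_c, i_s, host_key))
    blob += b"".join(mpint(n) for n in (e, f, k))
    return hashlib.sha256(blob).digest()

def userauth_signed_data(session_id, user, alg, pubkey_blob) -> bytes:
    # The exact bytes the user's private key signs during publickey auth.
    return (ssh_string(session_id) + bytes([50])  # 50 = SSH_MSG_USERAUTH_REQUEST
            + ssh_string(user) + ssh_string(b"ssh-connection")
            + ssh_string(b"publickey") + b"\x01"
            + ssh_string(alg) + ssh_string(pubkey_blob))

def server_would_accept(signed_data, own_session_id, user, alg, pubkey_blob) -> bool:
    # Stand-in for signature verification: a signature only verifies if it was
    # made over the bytes this server rebuilds from its OWN session identifier.
    return signed_data == userauth_signed_data(own_session_id, user, alg, pubkey_blob)

def demo():
    common = (b"SSH-2.0-client", b"SSH-2.0-server", b"kexinit-c", b"kexinit-s")
    ident = (b"mike", b"ssh-ed25519", b"constructed-user-public-key")
    # Session the user opened to the first box (constructed e, f, K).
    sid_box = exchange_hash(*common, b"constructed-host-key-box", 1234, 5678, 424242)
    # Separate session from that box to a second host: its own host key and secret.
    sid_other = exchange_hash(*common, b"constructed-host-key-other", 1234, 9876, 171717)
    signed = userauth_signed_data(sid_box, *ident)  # what the user actually signed
    return (server_would_accept(signed, sid_box, *ident),
            server_would_accept(signed, sid_other, *ident))

if __name__ == "__main__":
    print(demo())
```
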
