On Thu May 22 2008, Mike McGrath wrote: > Now, I've never actually done this. It's just my understanding that it'd > work that way. If you had root on a box and I sshed there with my ssh > key, would you not have access to take the key and log in to other boxes > as me? > > So my question is, is this a real risk or is there a precaution in SSH > preventing the attack i'm describing (basically a man in the middle type > attack) Afaik this attack is not possible with ssh because a user signs some information that is unique to the current session and contains among other things a hash of the host key that the user wants to login to. Regards, Till
Description: This is a digitally signed message part.