Re: authorized_keys and security
From: Neil W Rickert (rickert+nn_at_cs.niu.edu)
Date: 05/28/03
- Next message: Alex: "Re: authorized_keys and security"
- Previous message: Boris Glawe: "authorized_keys and security"
- In reply to: Boris Glawe: "authorized_keys and security"
- Next in thread: Alex: "Re: authorized_keys and security"
- Reply: Alex: "Re: authorized_keys and security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 27 May 2003 23:30:22 GMT
Boris Glawe <boris@boris-glawe.de> writes:
>I've got a question concering security.
>The files ~/.ssh/id_dsa and ~/.ssh/id_dsa.pub contain the private and
>the public keys, used for authentication.
>Is it right, that anybody with root access - be this a sysadmin or a
>hacker - has access to those files ?
Right.
>He/She could copy the files to it's own homedirectory and could login to
>my areas !?
Only if you foolishly chose to use keys not protected by a good pass
phrase.
---------
If you cannot trust the root user, all is lost. The root user could
install a keyboard sniffer to catch any password that you type.
- Next message: Alex: "Re: authorized_keys and security"
- Previous message: Boris Glawe: "authorized_keys and security"
- In reply to: Boris Glawe: "authorized_keys and security"
- Next in thread: Alex: "Re: authorized_keys and security"
- Reply: Alex: "Re: authorized_keys and security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
