Re: authorized_keys and security
From: Richard Caley (_at_)
Date: 05/28/03
- Previous message: Lutz Jaenicke: "Re: PRNGD and ssh-rand-helper"
- In reply to: Boris Glawe: "authorized_keys and security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 28 May 2003 07:42:01 GMT
In article <bb0rdf$rg5$1@newsreader2.netcologne.de>, Boris Glawe (bg) writes:
bg> Is it right, that anybody with root access - be this a sysadmin or a
bg> hacker - has access to [keys] ?
bg> He/She could copy the files to it's own homedirectory and could login
bg> to my areas !?
If they have root access they can become you by just saying
su YOURID
If they have root access they can do anything to anything on this
machine. If they have root access it is more or less game over.
bg> What is so secure than with this authentication mechanism ?? My
bg> password is in my head, but the key is plaintext on the disk, which
bg> can be accessed, if the system's security mechanism does not protect
bg> them...
Your private keys should have passphrases. This means that someone who
just gets access to the files won't get access to your remote
accounts.
However, if they have root access and the time to wait, all bets are
off with passwords, whether they are on keys or directly for login. I
think the only schemes with some protection when the local machine is
compromised are going to be things like one time passwords and
challenge-response systems.
--
Mail me as MYFIRSTNAME@MYLASTNAME.org.uk _O_
|<
- Previous message: Lutz Jaenicke: "Re: PRNGD and ssh-rand-helper"
- In reply to: Boris Glawe: "authorized_keys and security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
