Re: authorized_keys and security

From: Richard Caley (_at_)
Date: 05/28/03

    Date: Wed, 28 May 2003 07:42:01 GMT
    
    

    In article <bb0rdf$rg5$1@newsreader2.netcologne.de>, Boris Glawe (bg) writes:

    bg> Is it right, that anybody with root access - be this a sysadmin or a
    bg> hacker - has access to [keys] ?

    bg> He/She could copy the files to its own home directory and could log in
    bg> to my areas !?

    If they have root access they can become you by just saying

            su YOURID

    If they have root access they can do anything to anything on this
    machine. If they have root access it is more or less game over.

    bg> What is so secure then with this authentication mechanism ?? My
    bg> password is in my head, but the key is plaintext on the disk, which
    bg> can be accessed, if the system's security mechanism does not protect
    bg> them...

    Your private keys should have passphrases. This means that someone who
    just gets access to the files won't get access to your remote
    accounts.

    However, if they have root access and the time to wait, all bets are
    off with passwords, whether they are on keys or directly for login. I
    think the only schemes with some protection when the local machine is
    compromised are going to be things like one-time passwords and
    challenge-response systems.

    -- 
    Mail me as MYFIRSTNAME@MYLASTNAME.org.uk        _O_
                                                     |<
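
Added example, not part of the original post: a Python check that reports whether a private key file is passphrase-protected at rest, which is the property the reply above relies on when key files are copied. It goes beyond the 2003 thread by also reading the later `openssh-key-v1` container; the function names and the sample key texts are constructed here and contain no key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"

def _openssh_cipher(blob: bytes) -> str:
    """Return the ciphername field that follows the openssh-key-v1 magic."""
    off = len(MAGIC)
    (n,) = struct.unpack_from(">I", blob, off)
    name = blob[off + 4 : off + 4 + n]
    if not blob.startswith(MAGIC) or len(name) != n:
        raise ValueError("not a well-formed openssh-key-v1 header")
    return name.decode("ascii")

def key_protection(pem_text: str) -> str:
    """Classify private key text as 'encrypted', 'plaintext' or 'unknown'."""
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        return "unknown"
    label = lines[0][len("-----BEGIN "):].rstrip("-").strip()
    body = [l for l in lines[1:] if l and not l.startswith("-----END ")]
    if label == "OPENSSH PRIVATE KEY":
        try:
            cipher = _openssh_cipher(base64.b64decode("".join(body)))
        except (ValueError, struct.error):
            return "unknown"
        return "plaintext" if cipher == "none" else "encrypted"
    if label.endswith("PRIVATE KEY"):
        # PKCS#8 announces encryption in the label, legacy PEM in a Proc-Type header.
        legacy = any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in body)
        return "encrypted" if legacy or label.startswith("ENCRYPTED") else "plaintext"
    return "unknown"

def _sample_openssh(cipher: bytes) -> str:
    """Constructed header-only blob; kdfname and kdfoptions are filler."""
    fields = MAGIC + b"".join(struct.pack(">I", len(f)) + f for f in (cipher, b"none", b""))
    b64 = base64.b64encode(fields).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

SAMPLES = {  # all constructed for this example, none is a usable key
    "openssh, no passphrase": _sample_openssh(b"none"),
    "openssh, passphrase": _sample_openssh(b"aes256-ctr"),
    "legacy PEM, passphrase": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n\nAAAA\n-----END RSA PRIVATE KEY-----\n",
    "legacy PEM, no passphrase": "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:26} -> {key_protection(text)}")
```

A "plaintext" result means anyone who can read the file can use the key; "encrypted" covers only the file at rest, not the compromised-machine case the reply goes on to describe.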
    
