Re: solid backdoor using certificates?
From: Andy Law (No_at_Spam.ac.uk)
Date: 11/17/03
- Next message: Mike: "X11 forwarding in OpenSSH question"
- Previous message: Craig Young: "Adding text before the login prompt"
- In reply to: P.B.: "solid backdoor using certificates?"
- Next in thread: P.B.: "Re: solid backdoor using certificates?"
- Reply: P.B.: "Re: solid backdoor using certificates?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 17 Nov 2003 10:27:46 +0000
In article <1068843457.733821@newsmaster-03.atnet.at>,
"P.B." <donald@duckburg.cjb.net> wrote:
> consider the following setup:
>
> - Server running SSH2 with logon with signatures using "authorized_keys" for
> certain users
> - Someone hacked the system (somehow - doesn't matter here) and gained root
> access.
>
<snip>
> I'd consider this quite a vulnerability - or am I mistaken?
>
Aren't you struck by the irony of complaining about a 'vulnerability'
having just described a scenario in which your server has been hacked
with root permissions?
If you get hacked at that level you shut *everything* down and add them
back one at a time. That includes keys in .ssh directories along with
*all* other forms of access.
-- Later, -- A (email is 'Andy' and 'Law' with a period between them at bbsrc.ac.uk)
- Next message: Mike: "X11 forwarding in OpenSSH question"
- Previous message: Craig Young: "Adding text before the login prompt"
- In reply to: P.B.: "solid backdoor using certificates?"
- Next in thread: P.B.: "Re: solid backdoor using certificates?"
- Reply: P.B.: "Re: solid backdoor using certificates?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
