Re: A great answer to dictionary attacks on root



On Wed, 13 Sep 2006 19:58:11 +0200, Steven Mocking <ufo@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> Ignoramus7715 wrote:
>> If an intruder gets sufficient privileges to get a hold of actual
>> keys, they would likely be able to find out su passwords, as well.
>
> This is not necessarily true if you keep the key on a medium which can
> be physically stolen, like a USB pen.

I do not do that.

> In any case it might be useful to have two versions of the key. One
> is encrypted with a passphrase and you can keep this on a less
> secure medium and the unencrypted key can be used for automated
> backups from a secure medium.

That is true, but a little beside the point: the non-root accounts on
the server in question can be accessed with a password. So if I was
somewhere without my root key, I could just log on as a regular user,
and then su to root.

i
