On Thu May 22 2008, Mike McGrath wrote: > Now, I've never actually done this. It's just my understanding that it'd > work that way. If you had root on a box and I sshed there with my ssh > key, would you not have access to take the key and log in to other boxes > as me? > > So my question is, is this a real risk or is there a precaution in SSH > preventing the attack i'm describing (basically a man in the middle type > attack) Afaik this attack is not possible with ssh because a user signs some information that is unique to the current session and contains among other things a hash of the host key that the user wants to login to. Regards, Till
Attachment:
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
