Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



ons 2011-10-12 klockan 12:20 -0700 skrev Adam Williamson:

> Sure there is. There's the exact same problem as using the same password
> across multiple projects: if someone compromises the key they have
> compromised all of those projects. If you use a different key for each
> project, an attacker can only compromise one project with any given key.

To compromise  my SSH key they need to compromise the location where my
key is stored and the key encryption passprase. If they manage to do
that then any key I have stored there is at equal risk, or anything else
I have on my computers or any system I have accessed meanwhile.

Accessing a compromised system using an SSH key do not place the key as
such at risk. There only is a slight risk if you have agent forwarding
enabled that the key may be used (not copied or stolen) while you are
logged in and is why agent forwarding SHOULD be disabled by default (and
is by default).

Accessing a compromised system using a password immediately gives the
password away.

Regards
Henrik

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux