Jochen Bern wrote:
Subverting your workplace machine - the same account you log in as, or even a
superuser - gives the attacker a lot of possibilities, essentially getting
his hands on all data that passes through that computer, from keystrokes to
(before-/after-encryption) network communication to the contents of your
screen. If that's a scenario probable enough to make it a concern, and the
consequences for the other hosts in your LAN important enough to consider,
the question to answer is not "which auth protocol spoken *by the subverted
machine* is a bit harder to catch as well" but "how do I get the relevant
secrets *off* that machine and into an *actually* secure location".
I will say that there have been a lot of cases of orgs having all of their
machines accessible via SSH (with certs) from the Internet, only to have
attackers roam freely through them after an admin laptop is compromised. You
need some other security mechanism that can't be copied and used from an
unapproved system (this could be location/IP based, but people are too mobile
for that nowadays, so using something off the machine is needed),
and given that people want to use mobile devices for access, relying on
messages/apps on the mobile device is not that good.
David Lang
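As an added example (not part of the thread and not OpenSSH's own documentation), here is what "something that can't be copied off the machine" looks like on the server side of the scenario David describes. The first sshd_config fragment is the usual certificate setup, where an attacker who copies the key and certificate from a compromised laptop can log in from anywhere. The second only accepts FIDO-backed keys (the client generates them with `ssh-keygen -t ed25519-sk -O verify-required`), whose private half never leaves the token, and stacks a second method on top. The path `/etc/ssh/user_ca.pub` is a placeholder, and the `PubkeyAuthOptions` and `sk-*` algorithm names assume OpenSSH 8.4 or later (8.5 for `PubkeyAcceptedAlgorithms`, spelled `PubkeyAcceptedKeyTypes` before that).

```sshd_config
# BEFORE: the situation the thread describes. Whoever holds a copy of the
# user's private key and CA-signed certificate authenticates from any host,
# so an admin laptop compromise is a full set of credentials.
TrustedUserCAKeys /etc/ssh/user_ca.pub
AuthenticationMethods publickey

# AFTER: the key material must live in a FIDO authenticator.
TrustedUserCAKeys /etc/ssh/user_ca.pub
# Only accept FIDO ("sk-") key types, so a copied plain ed25519 key is
# refused outright. Without this line, PubkeyAuthOptions below has no
# effect on non-FIDO keys and a copyable key would still be accepted.
PubkeyAcceptedAlgorithms sk-ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com
# Demand a signature that attests user verification (PIN/biometric) on the
# token for every login, not just presence of the key handle file.
PubkeyAuthOptions verify-required
# A second, independent method (e.g. PAM keyboard-interactive backed by an
# off-host OTP service) so that the token alone is not sufficient either.
AuthenticationMethods publickey,keyboard-interactive
```

The restriction on accepted algorithms is the part people tend to forget: `verify-required` only constrains FIDO keys, so on its own it leaves the copyable non-FIDO path open. Existing users with plain keys lose access when this is deployed, so roll it out per host group or via a `Match` block rather than globally in one step.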
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev