On Wed, 2004-01-14 at 16:22, Rigler, Steve wrote: > > >I think somebody has got your root passwd when you logged in > > from your job via ssh. Dont use ssh,ftp or similar from your job PC. > > > > > IIRC, ssh encrypts the password before transmission -- so it > > shouldn't > > matter where you login from. > I think the reason for not doing it from work was because of the possibility > that your employer may be running monitoring software on your PC (keystroke > logger or whatever). Another possibility is for a man-in-the-middle attack. If it's a first-time connection to a host, you have to accept the host key, which can come from someone spoofing the server IP. Once you've accepted the key from the spoof, you pass them your password... This is why exchanging keys in a secure method is so important. If not over a previously known good connection, you can always fall back to sneakernet. :) -- Jason Dixon, RHCE DixonGroup Consulting http://www.dixongroup.net -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
