FAS and public Key auth

Till Maas opensource at till.name
Thu May 22 14:01:52 UTC 2008


On Thu May 22 2008, Mike McGrath wrote:

> Now, I've never actually done this.  It's just my understanding that it'd
> work that way.  If you had root on a box and I sshed there with my ssh
> key, would you not have access to take the key and log in to other boxes
> as me?
>
> So my question is, is this a real risk or is there a precaution in SSH
> preventing the attack I'm describing (basically a man in the middle type
> attack)?

AFAIK this attack is not possible with ssh because a user signs some
information that is unique to the current session and contains among other
things a hash of the host key that the user wants to log in to.

Regards,
Till
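
The session binding described in the reply above, as an added example that is not part of the original message or of any SSH implementation: the client's signature covers the session identifier, so a signature captured on one host does not verify in a session with another host. Assumptions: the exchange hash of RFC 4253 section 8 is reduced to the host key plus one opaque key-exchange value, and the user name, host keys and all-zero key seed are constructed sample values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// sshString encodes b as an SSH "string": uint32 length, then the bytes.
func sshString(b []byte) []byte {
	out := make([]byte, 4, 4+len(b))
	binary.BigEndian.PutUint32(out, uint32(len(b)))
	return append(out, b...)
}

// sessionID models the exchange hash H (RFC 4253 section 8). The host key is a
// hashed input; all other inputs are collapsed into kex (assumption for brevity).
func sessionID(hostKey, kex []byte) []byte {
	h := sha256.Sum256(append(sshString(hostKey), sshString(kex)...))
	return h[:]
}

// authBlob builds the data signed for "publickey" auth (RFC 4252 section 7).
func authBlob(sid []byte, user string, pub ed25519.PublicKey) []byte {
	keyBlob := append(sshString([]byte("ssh-ed25519")), sshString(pub)...)
	b := append(sshString(sid), 50) // 50 = SSH_MSG_USERAUTH_REQUEST
	for _, f := range []string{user, "ssh-connection", "publickey"} {
		b = append(b, sshString([]byte(f))...)
	}
	b = append(b, 1) // TRUE: this request carries a signature
	b = append(b, sshString([]byte("ssh-ed25519"))...)
	return append(b, sshString(keyBlob)...)
}

// replayAccepted signs for session A, then verifies in session A and session B.
func replayAccepted() (own, other bool) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed demo key
	pub := priv.Public().(ed25519.PublicKey)
	sidA := sessionID([]byte("constructed host key A"), []byte("constructed kex 1"))
	sidB := sessionID([]byte("constructed host key B"), []byte("constructed kex 2"))
	sig := ed25519.Sign(priv, authBlob(sidA, "alice", pub))
	return ed25519.Verify(pub, authBlob(sidA, "alice", pub), sig), ed25519.Verify(pub, authBlob(sidB, "alice", pub), sig)
}

func main() {
	fmt.Println(replayAccepted())
}
```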