FAS and public Key auth
Till Maas
opensource at till.name
Thu May 22 14:01:52 UTC 2008
On Thu May 22 2008, Mike McGrath wrote:
> Now, I've never actually done this. It's just my understanding that it'd
> work that way. If you had root on a box and I sshed there with my ssh
> key, would you not have access to take the key and log in to other boxes
> as me?
>
> So my question is, is this a real risk or is there a precaution in SSH
> preventing the attack i'm describing (basically a man in the middle type
> attack)
Afaik this attack is not possible with ssh because a user signs some
information that is unique to the current session and contains among other
things a hash of the host key that the user wants to login to.
Regards,
Till
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 827 bytes
Desc: This is a digitally signed message part.
URL: <http://listman.redhat.com/archives/fedora-infrastructure-list/attachments/20080522/3cb7cc82/attachment.sig>
More information about the Fedora-infrastructure-list
mailing list