MORE SSH Hacking: heads-up

Brad Smith usernamenumber at gmail.com
Thu Aug 12 17:13:36 UTC 2004


> I was not speaking about the network transfer between client and server.
> I thought this was obvious. I was speaking about the possibility to
> locally, on the SSHD system itself, to sniff password entries when
> running "su".
>

Ok, I'll go ahead and risk embarrassment in the name of enlightenment
and ask: If the traffic between client and server is encrypted, even
with access to the sshd system, how does one "sniff" traffic sent
between two local processes (sshd and su) without a keylogger, which
wouldn't apply since the keyboard in question is on the client-side?

Is there some technique for eavesdropping on inter-process
communications that I don't know about, then, or did I just
misunderstand you?

--Brad





More information about the fedora-list mailing list