Overconfidence in SSH Protection

Posted by Zonk
from the don't-be-too-proud-of-this-technological-terror dept.
nitsudima writes to mention a post on the Informit site about the common misunderstandings surrounding SSH, and how well-intentioned admins may be creating holes in their own security by using it. From the article: "In UNIX, all things are files. To send network traffic, UNIX writes the traffic to the network device file. In this case, the connection to Box A (and that private key used for authentication) is a socket file. This file will shuttle the authentication traffic between Box A and Box P. So what's the risk? Maybe the hacker can't get a copy of the private key through the socket file, but something better (from his/her view) can be done. If the hacker has root on Box D, he or she can point a private copy of the agent forwarding software to that socket file and thereby point the authentication process to the administrator's credentials--the ones kept on the 'safe' intranet. What are the chances that the administrator has configured access to all the DMZ servers he controls?"
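
A defender-side check for the exposure the quoted article describes, added here as an example and not taken from the article or the discussion: it reads an OpenSSH client config and reports which hosts would receive a forwarded agent. The sample config, host names and function names are constructed for illustration, and `Match` blocks and `Include` files are assumed absent.

```python
import fnmatch
import re

# Constructed sample ~/.ssh/config; every host name is made up for illustration.
SAMPLE_CONFIG = """\
Host bastion.example.net
    ForwardAgent no
Host dmz-*.example.net !dmz-legacy.example.net
    ForwardAgent yes
Host *
    ForwardAgent=yes
"""

def forward_agent_settings(config_text):
    """Yield (host_patterns, value) for each ForwardAgent line, in file order."""
    patterns = ["*"]  # options before the first Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        key = parts[0].lower()
        value = parts[1].strip('"').lower() if len(parts) > 1 else ""
        if key == "host":
            patterns = value.split()
        elif key == "match":
            patterns = []  # assumption: Match blocks are not evaluated here
        elif key == "forwardagent":
            yield patterns, value

def host_matches(patterns, hostname):
    """Host rule: a positive pattern must match and no '!pattern' may match."""
    negated = [p[1:] for p in patterns if p.startswith("!")]
    positive = [p for p in patterns if not p.startswith("!")]
    if any(fnmatch.fnmatchcase(hostname, p) for p in negated):
        return False
    return any(fnmatch.fnmatchcase(hostname, p) for p in positive)

def agent_forwarded(config_text, hostname):
    """True if the first applicable ForwardAgent value is anything but 'no'."""
    for patterns, value in forward_agent_settings(config_text):
        if host_matches(patterns, hostname.lower()):
            return value != "no"  # ssh keeps the first value it obtains
    return False  # OpenSSH default when nothing sets the option

def wildcard_blocks(config_text):
    """Host lines containing * or ? whose block turns forwarding on."""
    return [" ".join(p) for p, v in forward_agent_settings(config_text)
            if v != "no" and any(c in "*?" for c in "".join(p))]
```

In the sample, the host excluded from the DMZ block still gets the agent forwarded because the trailing `Host *` block applies to it, which is the kind of blanket setting the article's question about "all the DMZ servers" points at.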
  • by louzerr (97449) <Mr,Pete,Nelson&gmail,com> on Saturday May 27, 2006 @08:23AM (#15415397) Homepage
    ... and your e-mail administrator can read your e-mail ... ... and your network administrator can see what web sites you're visiting ... ... and your ISP can watch your internet traffic ... ... and the NSA can listen to your phone ...

    So, the real trick is just to live a life so boring none of these people will care to spy on you. Not all that hard, really. Considering you're on /. - you're probably doing okay.