Am Do, den 12.08.2004 schrieb John Lagrue um 18:18: > >>>That has the severe downside, that if someone got on the system as an > >>>unprivileged user he could sniff while you are su'ing to root, which is > >>>not successful if you ssh in as root using publick key authentication > >>>rather than password authentication. > >>Your saying that if you use ssh2 to connect to a server and the su to > >>root that they can sniff your root password? > >I believe what he is saying is that if someone is already sniffing, then > >they will get the root password. > IN that case might I respectfully suggest that he's wrong. If you > connect via ssh then all traffic between the ssh client and the server > is encrypted. So it doesn't matter what is typed in the client - > sniffing will only give gobblegook. > > JDL I was not speaking about the network transfer between client and server. I thought this was obvious. I was speaking about the possibility to locally, on the SSHD system itself, to sniff password entries when running "su". Alexander -- Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13 Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.7-1.494.2.2smp Serendipity 18:41:21 up 8 days, 12:09, load average: 1.17, 1.36, 1.29
Attachment:
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
