Rhys Morris <[log in to unmask]> writes:
> The disadvantage of ssh keys was made clear to us recently when a
> machine in a different University was root compromised. The attackers
> stole all the ssh keys they could find, and briefly obtained access to
> my systems via the account of a former student.
>
> Should you allow ssh key access from machines you have no control
> over?
Are there any remote login mechanisms that would stay secure in light
of a root compromise?
For example, you could make your server only allow one-time passwords
which would be very secure since the secret is not even stored on the
compromised machine. However, the SSH client could be trojaned to
always force "master" mode to be on and to allow a legitimate
connection to be shared for subsequent illegitimate connections by the
intruder.
-Brett.