SCIENTIFIC-LINUX-USERS Archives

October 2008

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Brett Viren <[log in to unmask]>
Reply To: Brett Viren <[log in to unmask]>
Date: Thu, 2 Oct 2008 11:51:14 -0400

Rhys Morris <[log in to unmask]> writes:

> The disadvantage of ssh keys was made clear to us recently when a
> machine in a different University was root compromised. The attackers
> stole all the ssh keys they could find, and briefly obtained access to
> my systems via the account of a former student.
>
> Should you allow ssh key access from machines you have no control
> over?

Are there any remote login mechanisms that would stay secure in light
of a root compromise?  

For example, you could make your server only allow one-time passwords
which would be very secure since the secret is not even stored on the
compromised machine.  However, the SSH client could be trojaned to
always force "master" mode to be on and to allow a legitimate
connection to be shared for subsequent illegitimate connections by the
intruder.

-Brett.
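
On the server side, the question of accepting keys from machines outside your control is usually handled with the `from="pattern-list"` option in `authorized_keys`, which limits the hosts a key is accepted from. The script below is an added example, not part of the thread: it parses `authorized_keys` lines (including quoted options) and reports keys that can be used from any host. The sample file content, key material and account names are constructed.

```python
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # a field starting like this is the key type

# Constructed sample authorized_keys content (keys truncated, names made up).
SAMPLE = r'''# lab server, user "shared"
ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB former-student@remote-lab
from="*.physics.example.edu,192.0.2.10",no-agent-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1 staff@desk
from="*",command="echo \"hi, there\"" ssh-rsa AAAAB3NzaC1yc2EAAAADAQAC backup job
'''

def split_unquoted(s, seps):
    """Split s on separator characters that sit outside double quotes."""
    parts, cur, quoted, prev = [], "", False, ""
    for c in s:
        if c == '"' and prev != "\\":   # \" inside a value does not end it
            quoted = not quoted
        if c in seps and not quoted:
            parts.append(cur)
            cur = ""
        else:
            cur += c
        prev = c
    parts.append(cur)
    return parts

def audit(text):
    """Return (line number, key comment, issue) for keys usable from any host."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f for f in split_unquoted(line, " \t") if f]
        opts = {}
        if not fields[0].startswith(KEY_PREFIXES):   # leading options field
            for opt in split_unquoted(fields.pop(0), ","):
                name, _, val = opt.partition("=")
                if len(val) > 1 and val[0] == val[-1] == '"':
                    val = val[1:-1]
                opts[name.lower()] = val
        label = " ".join(fields[2:]) or "(no comment)"
        if "from" not in opts:
            findings.append((n, label, "no from= restriction"))
        elif "*" in [p.strip() for p in opts["from"].split(",")]:
            findings.append((n, label, "from= matches any host"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("line %d: %s: %s" % finding)
```

A `from=` list narrows where a stolen key works; it does not cover the case raised in the reply above, where the compromised machine is itself an allowed client.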
