Security Threat
Authored by: kholburn on Apr 21, '04 06:29:33PM

I use SSHKeychain. It keeps ssh-agent key passwords in the Keychain and turns them off if the screen saver is on. (Look for it on VersionTracker.)



Security Threat
Authored by: gustou on Apr 21, '04 06:41:45PM

Don't forget that any root on a machine you're connected to has access to all the boxes you can log on to without a password.



Security Threat
Authored by: David on Apr 22, '04 09:32:51AM

Well, root can become you and then get in that way. But the root user can't directly contact your host and get in using your public/private key.

But yeah, if you don't trust your admin, don't store ANYTHING you don't want him to see on the computer he runs.



Security Threat
Authored by: gustou on Apr 22, '04 10:12:09AM

To explain what I want to say a little more, let's have a simple scenario.

I own a laptop. I am the only root on this computer. All my pub/priv keys are securely stored on this computer.

But I am in a company and I often ssh to other computers. So I use ssh-agent.

Then if I ssh to a computer B, any root user on B can use my agent (even without getting the pub/priv key pair) and ssh to any computer that I usually use. This without being asked for a password.

In other words, don't access a computer whose admins are "untrusted".

If I'm not clear, please don't hesitate to drop me a line :)



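The scenario in the last comment depends on the agent being forwarded to computer B, which the OpenSSH client controls with its `ForwardAgent` option. The following is an added example, not part of any post in this thread: a small audit that reports whether a client config would forward the agent to a given host, using ssh_config's first-value-wins rule. The sample config and host names are constructed, and `Match` and `Include` are assumed absent (they are not evaluated here).

```python
import fnmatch
import re

# Constructed sample ~/.ssh/config; every host name here is made up.
SAMPLE_CONFIG = """\
Host bastion.example.com
    ForwardAgent yes
Host *.lab.example.com !trusted.lab.example.com
    ForwardAgent = yes
Host *
    ForwardAgent no
"""

def parse_blocks(text):
    """Return [(patterns, options)] in file order; patterns is None for Match blocks."""
    blocks = [(["*"], {})]  # options before the first Host line apply to every host
    for raw in text.splitlines():
        m = re.match(r"(\w+)\s*[=\s]\s*(.*)", raw.strip())  # comments never match
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "host":
            blocks.append((value.lower().split(), {}))
        elif key == "match":
            blocks.append((None, {}))  # Match criteria are not evaluated in this sketch
        else:
            blocks[-1][1].setdefault(key, value)  # first value in a block wins
    return blocks

def host_matches(patterns, host):
    """ssh_config rule: at least one positive pattern matches and no negated one does."""
    if patterns is None:
        return False
    negated = [p[1:] for p in patterns if p.startswith("!")]
    positive = [p for p in patterns if not p.startswith("!")]
    hit = lambda pats: any(fnmatch.fnmatchcase(host.lower(), p) for p in pats)
    return hit(positive) and not hit(negated)

def effective_forward_agent(text, host):
    """Return the ForwardAgent value ssh would use for host (default "no")."""
    for patterns, options in parse_blocks(text):
        if "forwardagent" in options and host_matches(patterns, host):
            return options["forwardagent"]
    return "no"

def forwards_agent(text, host):
    # Any value other than "no" (yes, a socket path, $VAR) exposes an agent to the remote side.
    return effective_forward_agent(text, host).lower() != "no"
```

Because the first obtained value wins, a `Host *` block with `ForwardAgent yes` placed above a host-specific `ForwardAgent no` still forwards the agent to that host.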