Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Security Threat' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Security Threat
Authored by: David on Apr 22, '04 09:32:51AM

Well, root can become you and then get in that way. But the root user can't directly contact your host and get in using your public/private key.

But yeah, if you don't trust your admin, don't store ANYTHING you don't want him to see on the computer he runs.



[ Reply to This | # ]
Security Threat
Authored by: gustou on Apr 22, '04 10:12:09AM

To explain what I want to say a little more let's have a simple scenario.

I own a laptop. I am the only root in this computer. All my pub/priv keys are securely stored in this computer.

But I am in a company and I often ssh to other computers. So I use ssh-agent.

Then if I do a ssh on a computer B then any root user on B can use my agent (even wihtout getting the pub/priv keys pair) and ssh to any computer that I usually use. This without beeing asked for a password.

In other words don't access a computer whose admin are "untrused"

If I'm not clear please don't hesitate to dop me a line :)



[ Reply to This | # ]