Date: Fri, 1 Jun 2001 11:35:22 +0200 From: Borja Marcos <borjamar@sarenet.es> To: Kris Kennaway <kris@obsecurity.org> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Apache Software Foundation Server compromised, resecured. (fwd) Message-ID: <0106011135220C.87883@borja.sarenet.es> In-Reply-To: <20010601023051.A54447@xor.obsecurity.org> References: <Pine.BSF.4.21.0105311727160.66343-100000@pogo.caustic.org> <01060109174003.87883@borja.sarenet.es> <20010601023051.A54447@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Friday 01 June 2001 11:30, Kris Kennaway wrote: But B can request that A authenticate you to any other host, at any > time during the lifetime of the A-B agent forwarding connection, using > your RSA key on A. Even though B can't get your key itself, it can > authenticate as you as often as it likes, to as many systems as it > likes, as long as that agent forwarding channel is available. That's > the next best thing, because when you obtain access to a system once, > in general (not always) it's fairly easy to retain access > indefinitely. Of course. That't why I want an external device. Something like an iButton, which you could plug *only* whenever you want to authenticate. Once authenticated, you disconnect it and the agent can no longer authenticate. Now I am playing with an HP calculator. It could be a fairly acceptable solution to store the keys and authenticate, and the screen could warn the user (and ask for a password) whenever a remote authentication request arrives. Borja. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0106011135220C.87883>