Date: Sun, 23 Jan 2000 21:04:21 +0100 From: "H. Eckert" <ripley@nostromo.in-berlin.de> To: freebsd-security@FreeBSD.ORG Subject: Re: ssh-feature 'backdoor' Message-ID: <20000123210421.A90963@server.nostromo.in-berlin.de> In-Reply-To: <20000120002132R.1000@eccosys.com>; from sen_ml@eccosys.com on Thu, Jan 20, 2000 at 12:21:32AM %2B0900 References: <20000119134325.J2167@supra.rotterdam.luna.net> <20000119155203.C8404@is.co.za> <20000120002132R.1000@eccosys.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Quoting sen_ml@eccosys.com (sen_ml@eccosys.com): > if you su, don't you have to type in the root password? even if the > session is encrypted, the password still goes over the wire. if you > use rsa key authentication you don't have that particular risk (though > you may have others). There are alternatives to su which don't need the user to have the root password. Besides (assuming encrypted connections) it's not so much a matter about the password being transferred over the wire but whether the user has to know it at all. If he doesn't even have it, it can't be compromised by the user... Greetings, Ripley -- H. Eckert, 10777 Berlin, Germany, http://www.in-berlin.de/User/nostromo/ ISO 8859-1: Ä=Ae, Ö=Oe, Ü=Ue, ä=ae, ö=oe, ü=ue, ß=sz. "(Technobabbel)" (Jetrel) - "Müssen wir uns diesen Schwachsinn wirklich anhören?" (Neelix) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000123210421.A90963>