Date: Sun, 23 Jan 2000 21:04:21 +0100
From: "H. Eckert"
To: freebsd-security@FreeBSD.ORG
Subject: Re: ssh-feature 'backdoor'
Message-ID: <20000123210421.A90963@server.nostromo.in-berlin.de>
In-Reply-To: <20000120002132R.1000@eccosys.com>; from sen_ml@eccosys.com on Thu, Jan 20, 2000 at 12:21:32AM +0900
References: <20000119134325.J2167@supra.rotterdam.luna.net> <20000119155203.C8404@is.co.za> <20000120002132R.1000@eccosys.com>

Quoting sen_ml@eccosys.com (sen_ml@eccosys.com):

> if you su, don't you have to type in the root password? even if the
> session is encrypted, the password still goes over the wire. if you
> use rsa key authentication you don't have that particular risk (though
> you may have others).

There are alternatives to su which don't need the user to have the root password.
Besides (assuming encrypted connections) it's not so much a matter about the password being transferred over the wire but whether the user has to know it at all. If he doesn't even have it, it can't be compromised by the user...

Greetings,
Ripley
-- 
H. Eckert, 10777 Berlin, Germany, http://www.in-berlin.de/User/nostromo/
ISO 8859-1: Ä=Ae, Ö=Oe, Ü=Ue, ä=ae, ö=oe, ü=ue, ß=sz.
"(Technobabble)" (Jetrel) - "Do we really have to listen to this nonsense?" (Neelix)