Date: Tue, 29 Jun 1999 08:40:51 +0200 (MET DST) From: "Vladimir Mencl, MK, susSED" <mencl@nenya.ms.mff.cuni.cz> To: security@FreeBSD.ORG Subject: Re: ssh from windows Message-ID: <Pine.SO4.4.05.9906290827060.2031-100000@nenya> In-Reply-To: <Pine.BSF.4.01.9906281520590.16460-100000@phoenix.aye.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 28 Jun 1999, Barrett Richardson wrote: > > > On Thu, 24 Jun 1999, Dan Langille wrote: > > > > The password you enter is the password for your account. > > > > Granted. I was worried they were transmitting the password in clear text. > > Oh. The client encrypts it with the public key sent by the server - but > the server's private key isn't passphrase protected (it is, however, > readable only by root -- unless you change it). I'm afraid you are wrong. The RSA keys stored on disk are used for host authentication only. Passwords (and all other session data) are encrypted by a ``session key'', which is generated every (?3?) hours, and is not stored anywhere. And is not bound to RSA, the session encryption uses other encryption algorithms (with not that much overhead). Like blowfish, idea ... and I think, it generally uses shorter keys. However, if you are root, you can attach to the sshd process, and get the session keys out of its memory ... BTW, is there any way of limiting attaching to system processes at higher securelevels? I was thinking about attaching to init (because "init can lower securelevel"), but I received a "permission denied" at securelevel 2, and a signal 11 at securelevel -1 ???? I don't know why, I received it not only in 'gdb `which init` 1', but also in a later 'gdb `which gdb` gdb.core' ... is init protected against debugging in a special way? Vladimir Mencl To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SO4.4.05.9906290827060.2031-100000>