Date: Fri, 1 Jun 2001 02:30:51 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: Borja Marcos <borjamar@sarenet.es>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Apache Software Foundation Server compromised, resecured. (fwd)
Message-ID: <20010601023051.A54447@xor.obsecurity.org>
In-Reply-To: <01060109174003.87883@borja.sarenet.es>; from borjamar@sarenet.es on Fri, Jun 01, 2001 at 10:29:02AM +0200
References: <Pine.BSF.4.21.0105311727160.66343-100000@pogo.caustic.org> <01060109174003.87883@borja.sarenet.es>
On Fri, Jun 01, 2001 at 10:29:02AM +0200, Borja Marcos wrote:
> On Friday 01 June 2001 02:28, you wrote:
> > Based on what I've read this morning, it wouldn't have made
> > all that much of a difference. Apparently the compromised
> > version of ssh recorded passphrases and keys.
> >
> > I don't see how else you could have avoided this problem.
>
> If you use an authentication agent the keys are kept in your computer. If
> you ssh from A to B and from B to C, the challenge used for the
> authentication is sent from C through B to A. This means that a compromised
> ssh client in B cannot log any keys.

But B can request that A authenticate you to any other host, at any time
during the lifetime of the A-B agent forwarding connection, using your RSA
key on A. Even though B can't get your key itself, it can authenticate as
you as often as it likes, to as many systems as it likes, as long as that
agent forwarding channel is available. That's the next best thing, because
when you obtain access to a system once, in general (not always) it's
fairly easy to retain access indefinitely.

Kris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010601023051.A54447>
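The point Kris makes above, worked through in code as an added example (this is not part of the original thread and is not OpenSSH's code): a process on the compromised host B that can reach the forwarded agent socket needs no key material at all. It lists the identities the agent holds, then asks the agent to sign whatever challenge host C (or any other host) presents, and the agent on A obliges. The message numbers and the length-prefixed framing below are those of the real SSH agent protocol (request identities = 11, identities answer = 12, sign request = 13, sign response = 14, failure = 5). Everything else is constructed so the example runs offline: the "agent" is a toy that signs with HMAC-SHA256 over a made-up secret instead of an RSA or Ed25519 key, the key blob, comment and challenge are invented, and the two ends talk over a socketpair rather than the Unix socket in `SSH_AUTH_SOCK`. The `confirm` hook on the toy agent models the per-use confirmation that `ssh-add -c` gives a real ssh-agent; when the user declines, the attacker on B gets a failure instead of a signature.

```python
"""Toy SSH agent protocol exchange: what a compromised intermediate host can do
with a forwarded agent socket, and what per-use confirmation changes.
Message numbers follow the SSH agent protocol; the agent itself is a stand-in."""
import hashlib
import hmac
import socket
import struct
import threading

SSH_AGENT_FAILURE = 5
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12
SSH_AGENTC_SIGN_REQUEST = 13
SSH_AGENT_SIGN_RESPONSE = 14


def ssh_string(b):
    """Encode an SSH 'string': uint32 length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def parse_strings(buf, count):
    """Take `count` SSH strings off the front of buf; return (items, rest)."""
    items = []
    for _ in range(count):
        (n,) = struct.unpack(">I", buf[:4])
        items.append(buf[4:4 + n])
        buf = buf[4 + n:]
    return items, buf


def _recv_exact(sock, n):
    data = b""
    while len(data) < n:
        chunk = sock.recv(n - len(data))
        if not chunk:
            raise ConnectionError("peer closed the agent socket")
        data += chunk
    return data


def _send_msg(sock, body):
    sock.sendall(struct.pack(">I", len(body)) + body)   # uint32 length prefix


def _recv_msg(sock):
    (n,) = struct.unpack(">I", _recv_exact(sock, 4))
    return _recv_exact(sock, n)


# --- client side: everything an attacker on B needs is the socket --------
def list_identities(sock):
    """SSH_AGENTC_REQUEST_IDENTITIES -> [(public key blob, comment), ...]."""
    _send_msg(sock, bytes([SSH_AGENTC_REQUEST_IDENTITIES]))
    reply = _recv_msg(sock)
    if reply[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise RuntimeError("unexpected agent reply %d" % reply[0])
    (nkeys,) = struct.unpack(">I", reply[1:5])
    fields, _ = parse_strings(reply[5:], 2 * nkeys)
    return list(zip(fields[0::2], fields[1::2]))


def sign_with_agent(sock, key_blob, data):
    """SSH_AGENTC_SIGN_REQUEST: have the agent sign `data` with `key_blob`.
    Returns the signature blob, or None if the agent answered FAILURE."""
    body = (bytes([SSH_AGENTC_SIGN_REQUEST]) + ssh_string(key_blob)
            + ssh_string(data) + struct.pack(">I", 0))       # flags = 0
    _send_msg(sock, body)
    reply = _recv_msg(sock)
    if reply[0] != SSH_AGENT_SIGN_RESPONSE:
        return None
    (sig,), _ = parse_strings(reply[1:], 1)
    return sig


# --- toy agent standing in for ssh-agent on A (constructed, not real crypto)
TOY_KEY_BLOB = ssh_string(b"ssh-toy") + ssh_string(b"constructed-public-part")
TOY_SECRET = b"constructed-secret-that-never-leaves-A"   # the "private key"


def toy_sign(data):
    return hmac.new(TOY_SECRET, data, hashlib.sha256).digest()


def toy_verify(sig_blob, data):
    """Only A (holder of TOY_SECRET) can check this; models host C verifying."""
    (algo, mac), _ = parse_strings(sig_blob, 2)
    return algo == b"ssh-toy" and hmac.compare_digest(mac, toy_sign(data))


def toy_agent_serve(sock, confirm):
    """Serve requests until the peer closes. `confirm(key, data)` models the
    ssh-add -c prompt: False means answer SSH_AGENT_FAILURE instead of signing."""
    try:
        while True:
            msg = _recv_msg(sock)
            if msg[0] == SSH_AGENTC_REQUEST_IDENTITIES:
                _send_msg(sock, bytes([SSH_AGENT_IDENTITIES_ANSWER]) + struct.pack(">I", 1)
                          + ssh_string(TOY_KEY_BLOB) + ssh_string(b"user@A"))
            elif msg[0] == SSH_AGENTC_SIGN_REQUEST:
                (key_blob, data), _ = parse_strings(msg[1:], 2)
                if key_blob == TOY_KEY_BLOB and confirm(key_blob, data):
                    sig = ssh_string(b"ssh-toy") + ssh_string(toy_sign(data))
                    _send_msg(sock, bytes([SSH_AGENT_SIGN_RESPONSE]) + ssh_string(sig))
                else:
                    _send_msg(sock, bytes([SSH_AGENT_FAILURE]))
            else:
                _send_msg(sock, bytes([SSH_AGENT_FAILURE]))
    except (ConnectionError, OSError):
        pass
    finally:
        sock.close()


def run_demo(confirm=lambda key, data: True):
    """Attacker on B talks to A's agent over the forwarded socket (a socketpair
    here) and tries to get a challenge from C signed. Returns (ids, challenge, sig)."""
    client, agent = socket.socketpair()
    t = threading.Thread(target=toy_agent_serve, args=(agent, confirm), daemon=True)
    t.start()
    try:
        ids = list_identities(client)
        key_blob, _comment = ids[0]          # public part only; B never sees the secret
        challenge = b"constructed session id presented by host C"
        sig = sign_with_agent(client, key_blob, challenge)
    finally:
        client.close()
    t.join(timeout=2)
    return ids, challenge, sig


if __name__ == "__main__":
    ids, challenge, sig = run_demo()
    print("agent holds:", [c.decode() for _, c in ids])
    print("signature accepted by C:", toy_verify(sig, challenge))
    print("with confirmation declined, signature is:", run_demo(lambda k, d: False)[2])
```

With the default `confirm`, `run_demo()` returns a signature that verifies, which is the whole of Kris's objection: B never learns the key, yet it can produce a fresh, valid authentication as the user for any host for as long as the forwarding channel is up. With `confirm` returning False the agent answers `SSH_AGENT_FAILURE` and B gets nothing, which is why per-use confirmation (`ssh-add -c`) narrows the window; avoiding agent forwarding altogether for multi-hop access (in current OpenSSH, `ssh -J B C`, which tunnels the A-C session through B so B sees only ciphertext) removes it.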