Am Do, den 12.08.2004 schrieb John Lagrue um 18:18:
>>>That has the severe downside, that if someone got on the
system as an
>>>unprivileged user he could sniff while you are su'ing to root, which is
>>>not successful if you ssh in as root using publick key authentication
>>>rather than password authentication.
>>Your saying that if you use ssh2 to connect to a server and
the su to
>>root that they can sniff your root password?
>I believe what he is saying is that if someone is already
sniffing, then
>they will get the root password.
IN that case might I respectfully suggest that he's wrong. If you
connect via ssh then all traffic between the ssh client and the server
is encrypted. So it doesn't matter what is typed in the client -
sniffing will only give gobblegook.
JDL
I was not speaking about the network transfer between client and server.
I thought this was obvious. I was speaking about the possibility to
locally, on the SSHD system itself, to sniff password entries when
running "su".
Alexander
--
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.7-1.494.2.2smp
Serendipity 18:41:21 up 8 days, 12:09, load average: 1.17, 1.36, 1.29