On Thu, Feb 24, 2000 at 05:31:35PM -0500, Brian Caswell wrote:
> The only thing that is required for the client system to be compromised
> is for the client to remotely log via ssh (with X11 forwarding enabled)
> into a compromised server.

And of course the sshd binary can be trojaned, your agent connections
can be hijacked, passwords logged, etc.

So add ForwardAgent no to that host * stanza, only log in with an RSA
identity, and run ssh -v to see if anything weird happens.

The SSH protocol trusts the server. If you don't, tread very carefully.

-- 
David Terrell            | "Any sufficiently advanced technology
Prime Minister, Nebcorp  | is indistinguishable from a rigged demo."
dbtat_private            |  - Brian Swetland
http://wwn.nebcorp.com/
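
An added example, not part of the original message: a client-side check that agent and X11 forwarding are really off for a given host, in the spirit of the "ForwardAgent no" advice above. It assumes a current OpenSSH client whose `ssh -G <host>` prints the effective configuration as lowercase "keyword value" lines; the function name and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Reads `ssh -G <host>` output on stdin and reports forwarding options that
# hand the remote server a channel back to the client.
# Returns 0 if both are off, 1 if either is on or not reported at all.
check_forwarding() {
    awk '
        BEGIN { bad = 0 }
        $1 == "forwardagent" || $1 == "forwardx11" {
            seen[$1] = 1
            # Anything other than "no" (yes, or an agent socket path for
            # forwardagent) means the server can reach back to the client.
            if ($2 != "no") { printf "RISK: %s %s\n", $1, $2; bad = 1 }
        }
        END {
            # A missing keyword means the input was not full ssh -G output,
            # so do not report the host as clean.
            n = split("forwardagent forwardx11", need, " ")
            for (i = 1; i <= n; i++)
                if (!(need[i] in seen)) {
                    printf "UNKNOWN: %s not reported\n", need[i]
                    bad = 1
                }
            exit bad
        }
    '
}

# Constructed sample: effective settings for a host where forwarding is on.
sample_risky() {
    printf '%s\n' 'hostname shell.example.org' 'forwardagent yes' \
        'forwardx11 yes' 'forwardx11trusted no'
}

# Constructed sample: the same host after "ForwardAgent no" and
# "ForwardX11 no" have been set under "Host *" in ~/.ssh/config.
sample_safe() {
    printf '%s\n' 'hostname shell.example.org' 'forwardagent no' \
        'forwardx11 no' 'forwardx11trusted no'
}

# Real use (needs an OpenSSH client):  ssh -G some-host | check_forwarding
```
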