Mailing List Archive



Re: [tlug] bootable linux with sshd



On 03/01/07, Curt Sampson <cjs@example.com> wrote:
> For this particular case, you've gone right off the rails.
>
> If the attack you're defending against is *only* guessing of the secrets
> necessary to log in to that computer, you'd be correct. But in that
> case, given that an ssh private key contains very nearly the same amount
> of information (i.e., is almost exactly "as long") as an ssh private key
> plus two long passphrases, there's no point in using anything but the
> ssh key.
>
> However, this is not the attack you're defending against. Nobody's going
> to guess that in your lifetime.
>
> So, if they need an ssh key to log in (which they do if you've disabled
> password logins), they need to steal it. Someone with access to your
> hardware could probably do this without too much difficulty. Once

Someone with access to my hardware could key-sniff my ssh passphrase and
sudo password. There is pretty much no defense against someone with
access to my hardware (beyond military hardening, tamper-proof seals,
etc.). I have never checked whether a software key sniffer has been
installed on any of my machines, and I probably never will; similarly
for a hardware key sniffer.

I am not defending myself against this attack. If you genuinely are
defending yourself against this attack then you should really have
even more hardware - like a one-time-secret card etc. - otherwise you
are not really defended.

F

