Mailing List Archive
tlug.jp Mailing List tlug archive tlug Mailing List Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]Re: [tlug] bootable linux with sshd
- Date: Wed, 3 Jan 2007 15:05:40 +0900
- From: "Fergal Daly" <fergal@example.com>
- Subject: Re: [tlug] bootable linux with sshd
- References: <875029960701012011u45dca8advd89f700e6a91008@example.com> <875029960701012334m211b2711l6e4b178a281dc8a2@example.com> <459A1304.9060301@example.com> <875029960701020307u5c9f75c1n2d720e843d900294@example.com> <875029960701020824m66a81709i1070d220954f888d@example.com> <Pine.NEB.4.64.0701031016200.1055@example.com> <875029960701021954y3a94ceebu3d8f0cbc97c0f3af@example.com> <Pine.NEB.4.64.0701031323590.1055@example.com> <875029960701022056m6d1179cdxd196f274d4b74a8b@example.com> <Pine.NEB.4.64.0701031418300.1055@example.com>
On 03/01/07, Curt Sampson <cjs@example.com> wrote:On Wed, 3 Jan 2007, Fergal Daly wrote:
> Someone with access to my hardware could key-sniff my ssh passphrase > and sudo password.
Not necessarially. Sniffing that stuff would require a different sort of access, a different level of expertise, and possibly different equipment from what's necessary merely to copy a file from the disk.
Unless you audit your computer regularly, someone could slip a rootkit on in about the time it takes to reboot your computer. Unless you have encrypted disks etc.
> I am not defending myself against this attack.
That's not really relevant. The question is: what attacks are you defending against, is a defense that requires access to one of your computers holding the private key going to put a significant barrier in the way of at least some of your potential attackers, and what will it cost you to implement this defense?
I'm defending myself against random gits on the net portscanning. If there ever comes a day when someone is desperately trying to hijack _my_ Japanese TV box (while booted into the emergency recovery distro that I hope never to use) enough to come to ireland to physically steal my keys then I think I'm going to have to reevaluate my whole life.
That last bit is the key, really; what I'm saying here is that it looks to me as if it's so cheap that it's well worth doing, and you're saying that it's expensive enough that it's not worth it.
If someone else wants to take my instructions and make it differently secure then they can, I'm under time pressure so it's extra work and testing that I don't want to do. You are not going to convince me that the threat you describe is one _I_ (or many people) should be worried about,
F
- References:
- [tlug] bootable linux with sshd
- From: Fergal Daly
- Re: [tlug] bootable linux with sshd
- From: Fergal Daly
- Re: [tlug] bootable linux with sshd
- From: Al Hoang
- Re: [tlug] bootable linux with sshd
- From: Fergal Daly
- Re: [tlug] bootable linux with sshd
- From: Fergal Daly
- Re: [tlug] bootable linux with sshd
- From: Curt Sampson
- Re: [tlug] bootable linux with sshd
- From: Fergal Daly
- Re: [tlug] bootable linux with sshd
- From: Curt Sampson
- Re: [tlug] bootable linux with sshd
- From: Fergal Daly
- Re: [tlug] bootable linux with sshd
- From: Curt Sampson
Home | Main Index | Thread Index
- Prev by Date: Re: [tlug] bootable linux with sshd
- Next by Date: [tlug] Call for TLUG presenters for 2007-01-13 meeting
- Previous by thread: Re: [tlug] bootable linux with sshd
- Next by thread: Re: [tlug] bootable linux with sshd
- Index(es):
Home Page Mailing List Linux and Japan TLUG Members Links