[nycbug-talk] Analyzing malicious SSH login attempts

George Georgalis george at galis.org
Tue Sep 12 13:24:51 EDT 2006


On Tue, Sep 12, 2006 at 12:29:53PM -0400, michael wrote:
>On Tue, 12 Sep 2006 11:52:26 -0400
>csnyder <chsnyder at gmail.com> wrote:
>
>> But you encrypted that key using a strong passphrase, right? They
>> would have to get your desktop while ssh-agent was running.
>
>well.. I don't shut down my home PC when I walk away.  It is usually
>running.  But I do lock the apartment door [grin]. 

you do lock the screen, logout, or otherwise make the agent
unavailable, right?

UsePam No

Use usb dive (with your private key), on your keychain, yes.

There was some resolution (at openbsd I think) to encrypt
the known_hosts entries with the remote host public key;
so if your authentication was compromised, at least there
wouldn't be a list a hosts for the attacker to look up.
But I've not seen it in my OS yet.

Maybe something similar should be done with .ssh/config?

// George


-- 
George Georgalis, systems architect, administrator <IXOYE><



More information about the talk mailing list