On Sat, Apr 07, 2001 at 02:53:13AM +0100, M. Drew Streib wrote:
> The net-net is:
> 
> On the box accepting the connection w/o a password from another box with
> the private key, the security of the accepting box is _only_ as good as
> the account on the originating box.

Strike that "w/o a password" and I agree.  Here is the principle I try to
teach people:

    If any host is broken into, NO MATTER WHAT AUTHENTICATION MECHANISM
    IS USED to connect from there to a second host, the second host can
    also be broken into.

If your password has to pass through the compromised host, it can be
discovered.

The vulnerability on the second host can be limited only by what the
compromised host is permitted to do on the second host, such as some of the
schemes that have been discussed here with the ssh authorized_keys.

- Dave Dykstra
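The authorized_keys "schemes" Dave refers to are the per-key options OpenSSH lets you put in front of a public key (from=, command=, restrict, no-pty and friends) so that a key stolen from a compromised host can only do the one thing it was issued for. The script below is an added example, not part of the mail thread: it parses an authorized_keys file (honouring commas and spaces inside quoted option values) and reports every key that is missing a source restriction, a forced command, or the forwarding/pty restrictions. The sample file contents and key material are constructed; the option names are real OpenSSH ones.

```python
"""Audit an OpenSSH authorized_keys file for keys without per-key restrictions.

Added example for this thread, not OpenSSH's own code. SAMPLE below is a
constructed file; the key blobs are not real keys.
"""

KEY_TYPES = (
    "ssh-rsa", "ssh-ed25519", "ssh-dss",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
    "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com",
)

# Options that, together, cover what the single "restrict" keyword implies
# for the purposes of this audit.
NO_OPTIONS = {"no-port-forwarding", "no-agent-forwarding",
              "no-x11-forwarding", "no-pty"}


def split_options(opts):
    """Split the comma-separated options field; a comma inside a quoted value
    (e.g. from="10.0.0.1,10.0.0.2") does not separate options."""
    out, cur, quoted, i = [], [], False, 0
    while i < len(opts):
        ch = opts[i]
        if ch == '"':
            quoted = not quoted
            cur.append(ch)
        elif ch == "\\" and quoted and i + 1 < len(opts):
            cur.append(opts[i:i + 2])   # keep escaped char inside quotes
            i += 1
        elif ch == "," and not quoted:
            out.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if cur:
        out.append("".join(cur))
    return out


def parse_line(line):
    """Return {'options', 'type', 'key', 'comment'} or None for blank,
    comment, or malformed lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.split(None, 1)[0] in KEY_TYPES:
        opts_field, rest = "", line          # no options field at all
    else:
        # The options field ends at the first space outside double quotes
        # (command="rsync --server ..." contains spaces).
        quoted, idx = False, None
        for i, ch in enumerate(line):
            if ch == '"' and (i == 0 or line[i - 1] != "\\"):
                quoted = not quoted
            elif ch == " " and not quoted:
                idx = i
                break
        if idx is None:
            return None
        opts_field, rest = line[:idx], line[idx + 1:].lstrip()
    parts = rest.split(None, 2)
    if len(parts) < 2 or parts[0] not in KEY_TYPES:
        return None
    return {"options": split_options(opts_field) if opts_field else [],
            "type": parts[0], "key": parts[1],
            "comment": parts[2] if len(parts) > 2 else ""}


def audit(text):
    """List, per key, which restrictions are missing."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        entry = parse_line(raw)
        if entry is None:
            continue
        names = {o.split("=", 1)[0].lower() for o in entry["options"]}
        missing = [want for want in ("from", "command") if want not in names]
        if "restrict" not in names and not NO_OPTIONS <= names:
            missing.append("restrict (or the individual no-* options)")
        findings.append({"line": n, "comment": entry["comment"],
                         "missing": missing})
    return findings


# Constructed sample: an unrestricted key, a fully restricted one, and a
# forced-command key that still accepts connections from anywhere.
SAMPLE = """# constructed sample authorized_keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyDataNotReal user@laptop
from="10.0.0.5",command="/usr/local/bin/backup-only",restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyDataNotReal2 backup@hostA
command="rsync --server --sender . /srv/data",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAAB3NzaExampleNotReal mirror@hostB
"""

if __name__ == "__main__":
    for f in audit(SAMPLE):
        status = "OK" if not f["missing"] else "missing " + ", ".join(f["missing"])
        print(f"line {f['line']:>2} {f['comment']:<15} {status}")
```

Run against a real file with audit(open("~/.ssh/authorized_keys").read()); every key the report flags is one whose compromise on the originating host gives the attacker more than the narrow task the key was meant for.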