Rhys Morris <[EMAIL PROTECTED]> writes: > The disadvantage of ssh keys was made clear to us recently when a > machine in a different University was root compromised. The attackers > stole all the ssh keys they could find, and briefly obtained access to > my systems via the account of a former student. > > Should you allow ssh key access from machines you have no control > over?
Are there any remote login mechanisms that would stay secure in light of a root compromise? For example, you could make your server only allow one-time passwords which would be very secure since the secret is not even stored on the compromised machine. However, the SSH client could be trojaned to always force "master" mode to be on and to allow a legitimate connection to be shared for subsequent illegitimate connections by the intruder. -Brett.
