> -----Original Message-----
> From: Jeff Turner [mailto:[EMAIL PROTECTED]]
> Sent: Monday, November 20, 2000 7:53 PM
> On Mon, 20 Nov 2000, Dave Dykstra wrote:
>
> > On Sat, Nov 18, 2000 at 02:08:00PM +1100, Jeff Turner wrote:
> > > Auto-login means that if any user's machine is
> compromised, the attacker
> > > has an account on the server too! The ssh auto-login
> feature allows
> > > users to create "webs of trust" completely outside the
> control of the
> > A very smart security expert successfully pursuaded me that
> if a user's
> > machine is compromised, all bets are off. It makes no
> difference whether
> > you use passwords/passphrases or not, the cracker can still
> get in to the server.
It was demonstrated to me, how trivial "cracking root" was, once someone
obtains a shell account. Even with a shadow file.
> So.. let's say user Joe's home computer is rooted. Must we
> now assume that
> the attacker has access to Joe's user account on the server?
Yes. A root-kit installation will shortly follow.
> Because a sysadmin has no control over a user's computer, the safest
> assumption is then that all user's home computers are compromised,
> and therefore so are their accounts on the server.
>
> So the only thing a sysadmin can really do is make sure that
> users can't
> hurt the system EVER.
No can do. Rather, the only way to do this is to not have users.
> > The vital thing is to secure the user's machine, not introduce
> > artificial barriers that don't make any difference anyway.
>
> Hear hear :)
