| 1 |
On 11/10/2015 03:52 PM, wabenbau@×××××.com wrote: |
| 2 |
> |
| 3 |
> That's right. If an attacker has the full control over your machine |
| 4 |
> then it doesn't make any difference. |
| 5 |
> |
| 6 |
> But if he can only see what you are typing, for example by a keylogger |
| 7 |
> or by detecting the electromagentic radiation of your keyboard or by |
| 8 |
> watching your keyboard with a camera, then he can do nothing with the |
| 9 |
> root password of your server when root login with password is forbidden. |
| 10 |
> |
| 11 |
|
| 12 |
I said I would give up but I lied. |
| 13 |
|
| 14 |
The scenario that we're talking about has the user log in via an SSH key |
| 15 |
to some server. Once he's logged in to the server, the user uses "su" or |
| 16 |
"sudo" to become root. This requires that he type the root password. So |
| 17 |
a keyboard camera would still obtain the password. |
| 18 |
|
| 19 |
If you never actually obtain root access, of course you are safe =) |
Archives