Re: Accounts on debian.org machines

To: debian-devel@lists.debian.org
Subject: Re: Accounts on debian.org machines
From: Matthew Garrett <mgarrett@chiark.greenend.org.uk>
Date: Mon, 08 Dec 2003 03:18:53 +0000
Message-id: <[🔎] E1ATBvB-0007Sg-00@chiark.greenend.org.uk>
In-reply-to: <[🔎] 20031207215846.GA7722@quetzlcoatl.dodds.net>
References: <87ptf0v8rr.fsf@yiwaz.raw.no> <20031207194456.GB582@dijkstra.csh.rit.edu> <[🔎] 87isksv0dy.fsf@yiwaz.raw.no> <[🔎] 87isksv0dy.fsf@yiwaz.raw.no> <[🔎] 20031207215846.GA7722@quetzlcoatl.dodds.net>

Steve Langasek wrote:

>But an ssh key on removable media is not vulnerable to keysniffing
>alone, where a password is.

If such behaviour becomes common, the keysniffers will simply copy
anything that looks like an SSH key that exists on an item of removable
media. There's no inherent increase in security from using a key on a
USB device other than the fact that attackers aren't thinking about that
yet.
-- 
Matthew Garrett | mjg59-chiark.mail.debian.devel@srcf.ucam.org

Reply to:

Follow-Ups:
- Re: Accounts on debian.org machines
  - From: David B Harris <david@eelf.ddts.net>
- Re: Accounts on debian.org machines
  - From: Scott James Remnant <scott@netsplit.com>
- Re: Accounts on debian.org machines
  - From: Niall Young <niall@chime.net.au>

References:
- Re: Accounts on debian.org machines
  - From: Tollef Fog Heen <tfheen@raw.no>
- Re: Accounts on debian.org machines
  - From: Steve Langasek <vorlon@netexpress.net>

Prev by Date: Authentication enhancements (was Re: Backport of the integer overflow in the brk system call)
Next by Date: Re: exim4-config and exim4-base installed on systems with non-exim-MTA
Previous by thread: Re: Accounts on debian.org machines
Next by thread: Re: Accounts on debian.org machines
Index(es):
- Date
- Thread