Re: OT- How is secure is a ssh session?
Incoming from D Scavella:
> I am not sure if my understanding of (Open)ssh is
> accurate so I am putting this to the list.
> Here is the scenario and I want to know how safe my
> sessions via ssh are?
> On the server is OpenSSH 3.4p1 SSH protocols 1.5/2.0.
> I generated a key for me@server and a password. So
> logging in is $ssh -i identity-me(servername)key
> me@(serverdomainname.com)
> Enter passphrase for RSA key 'identity.....key
> after entering password for key I am now logged in as
> reg user. There are no root logins allowed via ssh. So
> now as reguser I can su to root after entering root
> password. Auto-logouts after about 15 minutes of
> inactivity. Though when I was having alot of problems
> with connectivity I would keep ssh session open by
> doing "ping -i 15 myhomepc.mydomain" . It seems that
> the time issues and connectivity issues were bios
> powermanagement issues that I have resolved. The
> question still remains in my mind though- With the
> above scenario- ssh with key & RSA password, no root
> log-in & LIDS how safe is having a session open for
> hours?
> Any comments/opinions?
Sounds about as safe as the lock on your office door. Assuming no-one
cracks into your user account (or otherwise onto the system) and
installs a keyboard sniffer (unlikely, but certainly possible), ssh is
least likely to be the weak link.
--
Any technology distinguishable from magic is insufficiently advanced.
(*) http://www.spots.ab.ca/~keeling
- -
Reply to: