[OpenIndiana-discuss] Who is trying to break in ?
Bob Friesenhahn
bfriesen at simple.dallas.tx.us
Wed Jul 1 13:48:48 UTC 2015
On Wed, 1 Jul 2015, Jim Klimov wrote:
>
> You can also boost security with no passwords allowed, keys only for ssh auth ;)
This certainly helps, but a remote compromised machine could still use
those keys to log in to your system. Hopefully users of those keys do
apply a passphrase to them. If the remote machine is compromised,
then the key passphrase could be captured by keystroke logging and the
private key file could be copied at that time.
Bob
--
Bob Friesenhahn
bfriesen at simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
More information about the openindiana-discuss
mailing list