Re: Ssh security hole?
Tatu Ylonen writes:
> (I'll forward your message to a couple of lists where it might be
> of interest; the original message is at end.)
>
> I think you are right in your analysis. There is indeed a problem
> with RSA authentication. Basically what this means is that if you log
> into a corrupt host, that host can at the same time log into another
> host with your account (by fooling you into answering the request)
> provided that you use the same RSA identity for both hosts.
>
> A workaround is to use a different identity for each host you use.
> The default identity can be specified on a per-host basis in the
> configuration file, or by -i options.
Might I suggest that a better solution would be to adapt the
Station-to-Station protocol, or, even better, Photuris...
.pm
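
A small model of the problem discussed in this thread, added here as an illustration (it is not code from ssh or from either poster): it checks whether an honest host accepts a challenge answer that the user actually produced while logging into a different host. Assumptions: the toy RSA keys, the SHA-256 response format, the per-connection `session_id` standing in for the session binding that Station-to-Station-style protocols provide, and all function and class names are hypothetical.

```python
import hashlib
import secrets

E = 65537

def make_identity(p, q):
    """Toy RSA identity from two known primes (constructed; far too small for real use)."""
    n = p * q
    return {"n": n, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}

def respond(identity, ciphertext, session_id=b""):
    """User side: decrypt the challenge and answer with a hash, optionally session-bound."""
    r = pow(ciphertext, identity["d"], identity["n"])
    return hashlib.sha256(r.to_bytes(32, "big") + session_id).hexdigest()

class Host:
    """Honest server that holds the public half of the identity authorized for the account."""
    def __init__(self, authorized, bind_session=False):
        self.n, self.e, self.bind = authorized["n"], authorized["e"], bind_session

    def challenge(self):
        self.session_id = secrets.token_bytes(16)      # fresh per connection
        self.r = secrets.randbelow(self.n - 2) + 2     # random challenge value
        return pow(self.r, self.e, self.n)             # encrypted to the user's public key

    def verify(self, response):
        sid = self.session_id if self.bind else b""
        expected = hashlib.sha256(self.r.to_bytes(32, "big") + sid).hexdigest()
        return secrets.compare_digest(response, expected)

def relay_accepted(target, identity_used_elsewhere):
    """True if `target` accepts an answer the user produced for a different host's login."""
    forwarded = target.challenge()
    # Assumption: the user's session id with the other host cannot be made equal to target's.
    user_sid = secrets.token_bytes(16) if target.bind else b""
    return target.verify(respond(identity_used_elsewhere, forwarded, user_sid))

if __name__ == "__main__":
    shared = make_identity(2**61 - 1, 2**89 - 1)       # same identity on every host
    per_host = make_identity(2**107 - 1, 2**127 - 1)   # identity used only on the other host
    print("shared identity, unbound :", relay_accepted(Host(shared), shared))
    print("per-host identities      :", relay_accepted(Host(shared), per_host))
    print("shared identity, bound   :", relay_accepted(Host(shared, bind_session=True), shared))
```

Only the first case is accepted: a separate identity per host, or a response tied to the connection it was produced for, makes the forwarded answer useless to the second host.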