[ale] I was hacked!

Jim Kinney jim.kinney at gmail.com
Mon Nov 4 17:18:10 EST 2019


Bad person gets user access. Then uses ssh key to access another system the compromised user has sudo on. Bad person doesn't have sudo access unless they have compromised user's password or sysadmin gave out no password sudo.

On November 4, 2019 4:57:28 PM EST, Byron Jeff via Ale <ale at ale.org> wrote:
>I thought the same in the first minute, but realized that it doesn't add
>any operational security. If machine A, user B is compromised (B at A) and
>B's keys are used to login to B at C using keys, and B has sudo access,
>then it's trivial for the hacker to login to B at C, change B's password
>on C, then use it to gain root access on C.
>
>I almost start to wonder if passwordless keys really improve security.
>
>BAJ
>
>On Mon, Nov 04, 2019 at 04:10:41PM -0500, dj-pfulio via Ale wrote:
>> >> directly. Perhaps 2006?  First thing I do on any new machine is add an
>> >> account with sudo rights.
>> > 
>> > I don't see the operational difference between ssh'ing into root (using a
>> > key) and ssh'ing into another account using a key and then sudo'ing to
>> > root.  You're still getting into the machine via a key?
>> > 
>> 
>> 2 authentication levels seems to be better than 1, but everyone has
>> different requirements.
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> https://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>
>-- 
>Byron A. Jeff
>Associate Professor: Department of Computer Science and Information
>Technology
>College of Information and Mathematical Sciences
>Clayton State University
>http://faculty.clayton.edu/bjeff

-- 
Sent from my Android device with K-9 Mail. All tyopes are thumb related and reflect authenticity.
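
The reply above turns on whether sudo on the second system still asks for a password. As an added example (not part of the thread), this Python script lists the sudoers rules that skip that prompt. The sample sudoers text and the function names are constructed for illustration, and files pulled in by #includedir have to be scanned separately.

```python
import re

# Constructed sudoers content for illustration (not taken from the thread).
SAMPLE_SUDOERS = """\
Defaults env_reset
Defaults:deploy !authenticate
root    ALL=(ALL:ALL) ALL
%wheel  ALL=(ALL) ALL
alice   ALL=(ALL) NOPASSWD: ALL
bob     ALL=(root) NOPASSWD: /usr/bin/systemctl restart nginx, \\
        PASSWD: /usr/bin/apt
carol   ALL=(ALL) ALL   # was NOPASSWD: ALL
#includedir /etc/sudoers.d
"""

def logical_lines(text):
    """Yield sudoers lines with backslash continuations joined and comments removed."""
    for line in re.sub(r"\\\n\s*", " ", text).splitlines():
        line = line.strip()
        # Skip comments and #include/#includedir; '#' plus a digit is a uid.
        if re.match(r"#(?!\d)", line):
            continue
        # Drop a trailing comment so a commented-out tag is not reported.
        line = re.sub(r"\s+#(?!\d).*$", "", line)
        if line:
            yield line

def passwordless_rules(text):
    """Return (principal, reason, rule) for each rule that lets sudo skip the password."""
    findings = []
    for line in logical_lines(text):
        principal = line.split()[0]
        if principal.startswith("Defaults"):
            # 'Defaults !authenticate' turns the prompt off for its whole scope.
            if re.search(r"!\s*authenticate\b", line):
                findings.append((principal, "!authenticate", line))
        elif re.search(r"\bNOPASSWD\s*:", line):
            # The NOPASSWD tag applies to the commands that follow it in the rule.
            findings.append((principal, "NOPASSWD", line))
    return findings

if __name__ == "__main__":
    for principal, reason, rule in passwordless_rules(SAMPLE_SUDOERS):
        print(f"{principal:18} {reason:14} {rule}")
```

Any account it reports is one where a stolen SSH key alone is enough to reach root on that host.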