6 Aug 2000, 00:14
On Sat, 05 Aug 2000, JF wrote:
But they can only log in as you, the USER. They can never sniff the root password, as your "su root" password is always encrypted.
This is how I understand it. Even though the root passwd is encrypted on the box it is still sent across the wire in plain text, therefore sniffable.
Maybe you came to the thread out of sequence? What I meant was, during an SSH session, the su root password is encrypted across the wire. Pretty much the only places it is plaintext are the keyboard driver and login/pam. But my point was that if your user password is sniffed from a POP session, then leet can sprinkle your path with trojans, which might sniff your su password and steal it. That's all.
dproc
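The PATH risk raised in the reply above can be checked from the defender's side. The following is an added example, not part of the original thread; it assumes a POSIX shell, and `audit_path` and its output labels are hypothetical names chosen here.

```shell
#!/bin/sh
# audit_path CMD [PATHSTRING]   (PATHSTRING defaults to $PATH)
# Walks the search path in lookup order and prints:
#   RELATIVE <entry>   empty or non-absolute entry (resolved against the cwd)
#   WRITABLE <dir>     directory the invoking user can write to
#   FIRST <file>       the file the shell would actually run for CMD
#   SHADOWED <file>    later copies of CMD that FIRST hides
#   RISK <file>        FIRST sits in a RELATIVE or WRITABLE entry, so anyone
#                      holding the user's password could have replaced it
# Run it as the unprivileged account: as root every directory tests writable.
audit_path() (
    cmd=$1
    path=${2-$PATH}:      # trailing ':' preserves a final empty entry
    first=
    set -f                # no globbing while splitting on ':'
    IFS=:
    for dir in $path; do
        risky=0
        case $dir in
            /*) ;;
            *)  echo "RELATIVE ${dir:-<empty>}"; risky=1
                [ -n "$dir" ] || dir=. ;;
        esac
        if [ -d "$dir" ] && [ -w "$dir" ]; then
            echo "WRITABLE $dir"; risky=1
        fi
        if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then
            if [ -z "$first" ]; then
                first=$dir/$cmd
                echo "FIRST $first"
                [ "$risky" -eq 0 ] || echo "RISK $first"
            else
                echo "SHADOWED $dir/$cmd"
            fi
        fi
    done
    return 0
)
# Typical use from the user's own login shell:  audit_path su
```

Any `RISK` line for `su` means the binary the shell would run lives where the user account itself can write, which is exactly where a stolen user password is enough to plant a replacement; typing the full path `/bin/su` sidesteps the lookup.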