Mailinglist Archive: opensuse-security (138 mails)

< Previous Next >
Re: [suse-security] Re: Re: Why Install Telnet by Default?
  • From: Randall R Schulz <rschulz@xxxxxxxxx>
  • Date: Thu, 8 Dec 2005 22:38:45 -0800
  • Message-id: <200512082238.45723.rschulz@xxxxxxxxx>
Henning,

On Thursday 08 December 2005 22:18, Henning Hucke wrote:
> On Thu, 8 Dec 2005, Randall R Schulz wrote:
> > [...]
> > I'm surprised so many very security-conscious people think that
> > passwordless is such a good thing. Now you've made physical access
> > to your computer all that is required to gain access to all the
> > other hosts for which you've set up passwordless access. What's
> > more, from the perspective of the administrators of those systems,
> > it's you who has accessed their resources and you'll get the blame,
> > at least initially, for any malicious actions.
>
> Erm... Passwordless access to the other computers implies in the case
> of SSH that you first enable the necessary keys with your passphrase
> for your session. And even this you can cut down to the need to
> /regularly/ reauthenticate.

E.g., my office mate has passwordless access set up for all the hosts he
regularly accesses (my company has literally thousands of hosts, of
which we need to interact with dozens, if not hundreds, on a fairly
regular basis).

All I have to do is walk over to his desk, say, when he goes to lunch,
and do things that no one can readily tell were not done by him.

On the other hand, he cannot do the reverse to me, since I haven't set
up passwordless access to any of these hosts.


> I don't get your point though.

Now?


> Best regards
> Henning Hucke


Randall Schulz

< Previous Next >