22 Sep
2002
22 Sep
'02
7:37 a.m.
On Sun, 22 Sep 2002, Richard A Steenbergen wrote:
On Sun, Sep 22, 2002 at 01:11:07PM +0200, Iljitsch van Beijnum wrote:
There are also people ssh'ing to personal and corporate machines from the terminal room where the root password is given out or easily available.
Are you saying people shouldn't SSH?
I've seen far too many people get into trouble because they have some flawed thinking that "ssh == always secure", even against compromises of one of the endpoints. If root is available, a reasonable person should ASSUME that some bored individual (like Bandy Rush) has taken 30 seconds and recompiled the ssh binaries with a password logger.
Excellent point. Fortunately, this doesn't apply to running SSH from your laptop over the wireless network.