]] Philipp Kern > On Sun, Jul 27, 2014 at 08:40:03AM -0700, tony mancill wrote: > > It seems like with Ganneff's trigger mechanism, one attack vector is to > > steal a backup of the passphraseless key and spoof the source IP - now > > you can run the trigger at will. Having a passphrase on the key could > > at least slow the attacker down. I could imagine using ssh-cron > > together with "command=" for a higher level of security. > > Uhm, spoof the source IP? This is not UDP, you'd also need to get traffic back > redirected to you.
That's harder and more visible, but not impossible. BGP hijacks do happen, intentionally and not. -- Tollef Fog Heen UNIX is user friendly, it's just picky about who its friends are -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87wqayd40p....@xoog.err.no
