Incoming from D Scavella: > I am not sure if my understanding of (Open)ssh is > accurate so I am putting this to the list. > Here is the scenario and I want to know how safe my > sessions via ssh are? > On the server is OpenSSH 3.4p1 SSH protocols 1.5/2.0. > I generated a key for [EMAIL PROTECTED] and a password. So > logging in is $ssh -i identity-me(servername)key > me@(serverdomainname.com) > Enter passphrase for RSA key 'identity.....key > after entering password for key I am now logged in as > reg user. There are no root logins allowed via ssh. So > now as reguser I can su to root after entering root > password. Auto-logouts after about 15 minutes of > inactivity. Though when I was having alot of problems > with connectivity I would keep ssh session open by > doing "ping -i 15 myhomepc.mydomain" . It seems that > the time issues and connectivity issues were bios > powermanagement issues that I have resolved. The > question still remains in my mind though- With the > above scenario- ssh with key & RSA password, no root > log-in & LIDS how safe is having a session open for > hours? > Any comments/opinions?
Sounds about as safe as the lock on your office door. Assuming no-one cracks into your user account (or otherwise onto the system) and installs a keyboard sniffer (unlikely, but certainly possible), ssh is least likely to be the weak link. -- Any technology distinguishable from magic is insufficiently advanced. (*) http://www.spots.ab.ca/~keeling - - -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
