On Tue, Sep 27, 2005 at 11:36:22PM -0500, C. Bensend wrote:

> 1)  Log into system via ssh skey, which is a one-time auth method
> 2)  Type 'sudo farfegnugen blahblah yadda'
> 3)  Log out

You're assuming that the keys you press are transmitted unmodified to
your server. Since the terminal is not under your control, there's
no reason why it can't send, e.g., "sudo rm -rf /" all by itself after
it sees you're logged in.

And this is just one example.

-- 
Jurjen Oskam
