[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] stealing ssh keys

To: "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] stealing ssh keys
From: Daniel Sichel <daniels@xxxxxxxxxxxxxxxx>
Date: Tue, 23 Oct 2012 15:07:16 +0000

> Hello everybody:
>      environment is A is hacker client? B is target and C is Manager
> center and C have all A and B private key.
>      C are open 80,22. And this is http's 403 state on the C.
>      I have A's root,how to steal private key On the C. Are there have
> some vuln with openssh.
>      Is there some impossible which C login in to the A and B when A and B
> let C run some bash.


OK, I am a total n00b here but I do not see how having an ssl connection would 
help reveal an SSH key.  Our organization generates our root certs separate 
from, and unrelated to SSH keys.. I do not see how SSL access in and of itself, 
helps get at SSH keys, If it does, let me know, I bank at Chase and that would 
be darn handy to know (believe me, they have it coming)!

Cheers,
Dan Sichel
Ponderosa Telephone

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] stealing ssh keys
  - From: Jacqui Caren

Prev by Date: [Full-disclosure] Google Numbers Search
Next by Date: [Full-disclosure] HP/H3C and Huawei SNMP Weak Access to Critical Data
Previous by thread: Re: [Full-disclosure] Google Numbers Search
Next by thread: Re: [Full-disclosure] stealing ssh keys
Index(es):
- Date
- Thread