solid backdoor using certificates?

Consider the following setup:

- Server running SSH2 with logon with signatures using "authorized_keys" for certain users
- Someone hacked the system (somehow - doesn't matter here) and gained root

What if he'd paste his own public signature in ALL .ssh/authorized_keys files he can find, making it possible for him to use ALL those users as backdoors to come back later on.

Usually, he would have created his own user (in /etc/passwd), which is quite easy to locate if you're the admin.

BUT with signatures (and the hacker's public-key in place), he'd be able to
even if all users changed their local passwords OR even the local passphrases for their private

I'd consider this quite a vulnerability - or am I mistaken?

Re: solid backdoor using certificates?

*sigh* - I am totally aware of that, BUT what I meant was, that if the
hacker was able to break in unnoticed, he would be able to keep silent - and
way easier than having to modify "passwd" and "shadow" to open a backdoor...
(I am not talking about the "breaking-in" part, but about the
"staying-unnoticed" part of intrusion)
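
On the "staying-unnoticed" point raised in this thread, a key planted in many accounts can be surfaced by fingerprinting every `authorized_keys` entry and listing keys that appear under more than one user. The following is an added example, not code from any poster; the function names and the sample keys (built by the hypothetical `fake_key` helper) are constructed for illustration.

```python
import base64, hashlib, re, struct
from collections import defaultdict

# Key type followed by a base64 blob; login options may precede it on the line.
KEY_RE = re.compile(r'(?:^|\s)((?:ssh|ecdsa|sk)-[\w@.-]+)\s+([A-Za-z0-9+/]+={0,2})')

def fingerprint(line):
    """Return the OpenSSH-style SHA256 fingerprint of one authorized_keys line, or None."""
    line = line.strip()
    if not line or line.startswith('#'):
        return None
    for ktype, b64 in KEY_RE.findall(line):
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:
            continue
        # A genuine key blob begins with its own type name, length-prefixed.
        n = struct.unpack('>I', blob[:4])[0] if len(blob) >= 4 else 0
        if blob[4:4 + n] == ktype.encode():
            digest = hashlib.sha256(blob).digest()
            return 'SHA256:' + base64.b64encode(digest).decode().rstrip('=')
    return None

def shared_keys(files):
    """files: {user: authorized_keys text}. Return {fingerprint: users} for keys in >1 account."""
    owners = defaultdict(set)
    for user, text in files.items():
        for line in text.splitlines():
            fp = fingerprint(line)
            if fp:
                owners[fp].add(user)
    return {fp: sorted(users) for fp, users in owners.items() if len(users) > 1}

def fake_key(seed):
    # Constructed blob with the wire layout of an ed25519 public key; not a real key.
    t = b'ssh-ed25519'
    blob = struct.pack('>I', len(t)) + t + struct.pack('>I', 32) + hashlib.sha256(seed).digest()
    return 'ssh-ed25519 ' + base64.b64encode(blob).decode()

# Constructed sample: the key seeded with b'x' has been appended to every account.
SAMPLE = {
    'alice': fake_key(b'alice') + ' alice@laptop\n' + fake_key(b'x') + ' backup\n',
    'bob': '# bob\nno-pty,command="/bin/true" ' + fake_key(b'bob') + ' bob@pc\n' + fake_key(b'x') + '\n',
    'carol': fake_key(b'carol') + ' carol@pc\nfrom="10.0.0.1" ' + fake_key(b'x') + ' c\n',
}

if __name__ == '__main__':
    for fp, users in shared_keys(SAMPLE).items():
        print(fp, users)
```

A key shared across accounts can be legitimate (an administrator's key, for instance), so the output is a list to compare against a known-good baseline rather than a verdict. On a live host the input would come from every file named by sshd's `AuthorizedKeysFile` setting, not only `~/.ssh/authorized_keys`.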
