Home page logo

fulldisclosure logo Full Disclosure mailing list archives

stealing ssh keys
From: Daniel Sichel <daniels () ponderosatel com>
Date: Tue, 23 Oct 2012 15:07:16 +0000

Hello everybody:
     environment is A is hacker client? B is target and C is Manager
center and C have all A and B private key.
     C are open 80,22. And this is http's 403 state on the C.
     I have A's root,how to steal private key On the C. Are there have
some vuln with openssh.
     Is there some impossible which C login in to the A and B when A and B
let C run some bash.

OK, I am a total n00b here but I do not see how having an ssl connection would help reveal an SSH key.  Our 
organization generates our root certs separate from, and unrelated to SSH keys.. I do not see how SSL access in and of 
itself, helps get at SSH keys, If it does, let me know, I bank at Chase and that would be darn handy to know (believe 
me, they have it coming)!

Dan Sichel
Ponderosa Telephone

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]