Full Disclosure: stealing ssh keys

stealing ssh keys

From: Daniel Sichel <daniels () ponderosatel com>
Date: Tue, 23 Oct 2012 15:07:16 +0000

Hello everybody:
     environment is A is hacker client? B is target and C is Manager
center and C have all A and B private key.
     C are open 80,22. And this is http's 403 state on the C.
     I have A's root,how to steal private key On the C. Are there have
some vuln with openssh.
     Is there some impossible which C login in to the A and B when A and B
let C run some bash.



OK, I am a total n00b here but I do not see how having an ssl connection would help reveal an SSH key.  Our 
organization generates our root certs separate from, and unrelated to SSH keys.. I do not see how SSL access in and of 
itself, helps get at SSH keys, If it does, let me know, I bank at Chase and that would be darn handy to know (believe 
me, they have it coming)!

Cheers,
Dan Sichel
Ponderosa Telephone

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

stealing ssh keys Daniel Sichel (Oct 23)
- Re: stealing ssh keys Jacqui Caren (Oct 24)
  - Re: stealing ssh keys Thor (Hammer of God) (Oct 24)
    - Re: stealing ssh keys Raj Mathur (राज माथुर) (Oct 25)
- <Possible follow-ups>
- Re: stealing ssh keys Ivaylo Hubanov (Oct 26)
  - Re: stealing ssh keys Thor (Hammer of God) (Oct 26)
    - Re: stealing ssh keys Jeffrey Walton (Oct 26)
  - Re: stealing ssh keys Raj Mathur (राज माथुर) (Oct 27)
    - Re: stealing ssh keys gold flake (Oct 29)
    - Re: stealing ssh keys Jeffrey Walton (Oct 29)