Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: stealing ssh keys
From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Wed, 24 Oct 2012 13:59:00 -0700

I think you're over reacting just a bit.  You can give out your private key to whomever/whatever you want to be able to 
decrypt data encrypted with the public key.  It all depends on the use-case, and what you want done.  Just because its 
a private key doesn't mean it's automatically some critical security component.   Many times it is, but it doesn't have 
to be. 

t

Sent from whatever device will keep us from debating which one is better.

On Oct 24, 2012, at 10:59 AM, Jacqui Caren <jacqui.caren () ntlworld com> wrote:

On 23/10/2012 16:07, Daniel Sichel wrote:

Hello everybody:
     environment is A is hacker client? B is target and C is Manager

center and C have all A and B private key.

WTF! Why would anyone C or B or even A give out a PRIVATE key.
Does no one RTFM - you never ever give out your private key
and you protect it to heck and back.

     C are open 80,22. And this is http's 403 state on the C.
     I have A's root,how to steal private key On the C. Are there have
some vuln with openssh.
     Is there some impossible which C login in to the A and B when A and B
let C run some bash.


OK, I am a total n00b here but I do not see how having an ssl connection would help reveal an SSH key.  Our 
organization generates our root certs separate from, and unrelated to SSH keys.. I do not see how SSL access in and 
of itself, helps get at SSH keys, If it does, let me know, I bank at Chase and that would be darn handy to know 
(believe me, they have it coming)!

This is full disclosure not "help a student do his homework".
My advice: give him a very blatantly stupid answer - let him get "null 
points" from teacher :-)

Jacqui


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]