Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: History Files

From: 11a () GMX NET (Bluefish)
Date: Mon, 17 Apr 2000 13:42:24 +0200

Uhm, I would like to raise another question: what kind of risks are you
ready to take to log keystrokes? Logging keystrokes to another box seems
like a rather advance thingy to do securely, won't you risk making SSH far
less secure? Even assuming you do encryption, will the authentication be
done correctly?

I feel rather sure that I don't want to run a sshd hacked by a thirdparty.

If you aren't using sshd, it's another matter. You've allready chosen a
weak security level and the extended logging won't affect your security
standard much.


What you're essentially talking about is keystroke logging.  This should
_not_ be done at the shell level.  Hack your telnetd, rexecd, rshd,
sshd (etc.) to log keystrokes to a file.  To another box if you're
really paranoid.


..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team
Previous By Date Next
Previous By Thread Next

Current thread: