Bookmark / Share this MattG
03-06-2005, 10:57 PM
Hey Everyone,
Where i work for a software company, we support Sun Solaris 2.8 and 2.9.
Little background of the software first. Mainly, its a Network Management Suite. However, we have the ability to launch an SSH client against the selected model you have, say a router.
Now, in this scenario we have 3 machines.
1 - The Server
2 - The Device
3 - The Machine you are connecting from
I set my fourth machine to snoop box number 3. I proceed to connect to Machine number 1 from Machine 3. I have connected to Number 2 via SSH java ssh client. I logged in, did a few things, yada yada, logged out.
I stopped the Trace, and opened ethereal to view it. Now, it is encrypted for the most part. Aside from giving me the user name i logged in with (root), it does not give me the password. Which is how it is designed (ssh that is).
I am just wondering if there is some other way i should be aware of that could give this password away. Some sort of Script Kiddie thing, something that can run locally if said were hacked, etc.
Reason i am asking is because i was asked by a customer (i am in support here) if the line was secure from machine 3 to 1, knowing that it launches a SSH session from 1 to 2. and NOT from machine 3 to 2.
However, it does appear to me that its secure for the most part.
Thanks for any help guys.
-Matt
Where i work for a software company, we support Sun Solaris 2.8 and 2.9.
Little background of the software first. Mainly, its a Network Management Suite. However, we have the ability to launch an SSH client against the selected model you have, say a router.
Now, in this scenario we have 3 machines.
1 - The Server
2 - The Device
3 - The Machine you are connecting from
I set my fourth machine to snoop box number 3. I proceed to connect to Machine number 1 from Machine 3. I have connected to Number 2 via SSH java ssh client. I logged in, did a few things, yada yada, logged out.
I stopped the Trace, and opened ethereal to view it. Now, it is encrypted for the most part. Aside from giving me the user name i logged in with (root), it does not give me the password. Which is how it is designed (ssh that is).
I am just wondering if there is some other way i should be aware of that could give this password away. Some sort of Script Kiddie thing, something that can run locally if said were hacked, etc.
Reason i am asking is because i was asked by a customer (i am in support here) if the line was secure from machine 3 to 1, knowing that it launches a SSH session from 1 to 2. and NOT from machine 3 to 2.
However, it does appear to me that its secure for the most part.
Thanks for any help guys.
-Matt
Post a reply, see related topics & more