Re: MacOS TCP port permissions

From cross@spitfire.i.gajendra.net (Dan Cross)
Newsgroups comp.unix.programmer
Subject Re: MacOS TCP port permissions
Date 2026-04-17 15:20 +0000
Organization PANIX Public Access Internet and UNIX, NYC
Message-ID <10rtj39$ht9$1@reader1.panix.com>
References <10rq7hc$1b1bt$1@dont-email.me> <10rt267$1eh57$1@dont-email.me> <10rtel4$jrs$1@reader1.panix.com> <10rtgq7$2h4os$1@dont-email.me>


In article <10rtgq7$2h4os$1@dont-email.me>,  <boltar@caprica.universe> wrote:
>On Fri, 17 Apr 2026 14:04:20 -0000 (UTC)
>cross@spitfire.i.gajendra.net (Dan Cross) gabbled:
>>In article <10rt267$1eh57$1@dont-email.me>,  <boltar@caprica.universe> wrote:
>>>On Thu, 16 Apr 2026 20:29:37 +0100
>>>A hacked version of ssh could save or forward everything it receives.
>>
>>Not if it can't read the host key because it doesn't have
>>permissions to open the file the key is stored in, and so it
>
>Why wouldn't it have permissions if a user has set up the whole thing?

...because the file containing the host private key is owned by
root, and not the user?  And the client has a cached copy of the
host public key locally when they connect?

Unless the attacker is already running as root, in which case,
they could just bind to a low port anyway.

>>>Crypto is only useful outside of the process, inside it's irrelevant.
>>
>>"Crypto" in this case is about authentication, not just privacy.
>>Part of the SSH protocol is mutually authenticating both the
>>client _and_ the server using a cryptographically secured key
>>exchange.
>
>Irrelevant. A hacked ssh server could do anything the hacker wants with the
>decrypted data.

What decrypted data?  Authentication of the incoming connection
happens when the connection is established, before a session is
initiated, and thus before any data is exchanged, let alone
"decrypted", and before anything is "run" on the server.

If authentication fails, "bash" (which is not the only shell
people use) is never invoked.

>You do realise the data has to be decrypted by ssh in order to 
>do anything with it, right?

It sounds like you might not have a good handle on how the
session is established, and in particular, how it is
authenticated.

>Or did you think it passed the encrypted stream
>direct to bash?

Passing a stream of encrypted data to bash is likely to produce
nonsense.

	- Dan C
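
The argument in the post above rests on the host private key being owned by root and unreadable by any other user. The following audit of that condition is an added example, not part of the original post; the `/etc/ssh/ssh_host_*_key` location is an assumed default and the function names are hypothetical.

```python
import glob
import os
import stat

# Assumption: default location of OpenSSH host private keys; adjust per system.
DEFAULT_GLOB = "/etc/ssh/ssh_host_*_key"


def audit_key(path, expected_uid=0):
    """Return a list of findings for one private key file (empty list = OK)."""
    try:
        st = os.lstat(path)  # lstat: do not silently follow a symlink
    except OSError as exc:
        return [f"cannot stat: {exc.strerror}"]
    if stat.S_ISLNK(st.st_mode):
        return ["is a symlink; audit the target instead"]
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    findings = []
    # The key must belong to root, not to the user who might run a rogue daemon.
    if st.st_uid != expected_uid:
        findings.append(f"owned by uid {st.st_uid}, expected {expected_uid}")
    # Any group/other bit lets a non-root process open the key.
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        mode = stat.S_IMODE(st.st_mode)
        findings.append(f"mode {mode:04o} grants group/other access")
    return findings


def audit_host_keys(pattern=DEFAULT_GLOB, expected_uid=0):
    """Map each private key path matching the pattern to its findings."""
    # The pattern ends in "_key", so the matching ".pub" files are skipped.
    return {p: audit_key(p, expected_uid) for p in sorted(glob.glob(pattern))}


if __name__ == "__main__":
    for path, findings in audit_host_keys().items():
        print(path, "OK" if not findings else "; ".join(findings))
```
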
