smbsh and others.

Alexandre Oliva oliva at
Wed Oct 7 11:03:01 GMT 1998

Luke Kenneth Casson Leighton <lkcl at> writes:

> On 6 Oct 1998, Alexandre Oliva wrote:

>> Luke Kenneth Casson Leighton <lkcl at> writes:

>> > that's why i said 700 permissions on the ~/.smb directory.

>> That won't do if you don't trust the local sysadmin and you're willing 
>> to access remote filesystems.  In fact, if the sysadmin really wants
>> to steal your password, s/he can do that no matter how much you try to 
>> prevent it, but why shouldn't we make her/his job harder? :-)

> same applies to ~/.ssh and the private key.

The private key in ~/.ssh is encrypted using the user's password as a
key.  Furthermore, I'm not sure about the protocol between ssh-agent
and ssh, but I think it is also encrypted using session keys.  Which
doesn't mean the super-user cannot break them if s/he wishes, just
that his job is much harder.

Alexandre Oliva
mailto:oliva at mailto:oliva at mailto:aoliva at
Universidade Estadual de Campinas, SP, Brasil

More information about the samba-technical mailing list