On Tue, Jan 10, 2012 at 2:49 PM, John Doe <jdmls at yahoo.com> wrote: > From: Bennett Haselton <bennett at peacefire.org> > > > On 1/10/2012 5:16 AM, John Doe wrote: > >> The sshd child is running as bob; so it has bob (and not root) > rights... > > > > Yes, I understand that. What I said was that if you could take complete > > control of the sshd process you were connecting to, even if that process > > was completely unprivileged, you could still make it say "Accept a login > > from 'root' with password 'foo'" and then log in as root. > > How would your bob owned child sshd take complete control of the > parent root owned sshd...? > > JD > > Or, if you simply WANT more layers, then deploy defense-in-depth in FRONT of sshd. VPN or port-knocking springs to mind BR Bent