Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

"If your key is on a smart card it can not be stolen, even if the machine you're ssh'ing from has been compromised."

If the machine you're ssh'ing from has been compromised by a halfway competent attacker, there's no need for them to get the key from the smart card. They can log in to the remote machine by simply piggybacking on to your ssh session (with a compromised ssh client).



Of course. There is still significant value in not allowing the attacker to ssh at will from any box at any time though.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: