The Potential for an SSH Worm
The OpenBSD journal features an
article
that describes how a SSH worm could use known_hosts files and
ssh-keys not protected by passwords to spread.
The article is a summary on a
MIT article about protecting against such an attack
that was also recently addressed by security guru
Bruce Schneier.
Maybe it's really time to password-protect ssh-keys and
start usingsshagent!
