• baseless_discourse
    link
    fedilink
    arrow-up
    2
    ·
    edit-2
    8 months ago

    Yeah, but the malicious code replaces the ssh signature verification function to let it allow a specific signature. Hence attacker, with the key, can ssh into any system without proper authentication by ssh.

    This kind of describes authentication by-pass, not just remote code execution…

    EDIT: it is remote code execution, see the edit of parent comment.