[Bug 1806] New: SSH Client - Militant Identity File Permission Potentially Increases Security Risk
bugzilla-daemon at bugzilla.mindrot.org
Sat Aug 14 05:42:13 EST 2010
https://bugzilla.mindrot.org/show_bug.cgi?id=1806
Summary: SSH Client - Militant Identity File Permission Potentially Increases Security Risk
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: JakubSadowski at GMail.com
The SSH client (in all versions, on all UNIX-like platforms) that I've
ever used refuses to connect using a key file if its permissions are
"too open", with no option or bypass provided to the user.
This can potentially undermine the client's own goal of protecting keys
under some circumstances such as the one posted here:
http://forums.debian.net/viewtopic.php?t=31129
My circumstance is similar in that I have an encrypted USB key with an
underlying VFAT filesystem which is used for securely storing all my
encryption keys. It is sometimes used under a guest account on systems
with a default install to which I do not have root access. The refusal
of the client to connect using this secured file forces me to copy it
to a home or temp directory and change the permissions.
Aside from being inconvenient it also introduces the risk that either
the user forgets to delete the key from the temporary location or that
the key is scraped from the hard drive at some future date (such as
after the machine it was used on is retired). This also defeats the
purpose of keeping the key on a USB stick which is to keep it OFF of
local hard drives.
Some recommendations:
1) An override for the user. Inform them, but allow them to "take it
under advisement", so to speak.
2) An ssh + ssh_config option to control this behaviour.
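Added example (not part of the bug report and not OpenSSH's own code): the rule the client applies is the one in authfile.c's sshkey_perm_ok(), which refuses a private key only when the file is owned by the invoking user and any group/other permission bit is set (st_mode & 077). A default VFAT mount presents every file as 0644 owned by the mounting user, so the key is refused even though the medium is encrypted. The script below replicates that check against a constructed placeholder key, then shows the workaround a practitioner would use in the reporter's situation: staging the key with 0600 into a freshly created 0700 directory on a tmpfs such as /dev/shm (a Linux assumption; any memory-backed mount will do), so the copy never reaches the hard drive, and scrubbing it afterwards.

```python
"""Replicates the OpenSSH client's private-key permission check and a
tmpfs staging helper that keeps a VFAT-hosted key off the local disk.
Added example; mirrors sshkey_perm_ok() semantics but is not OpenSSH code."""
import os
import stat
import tempfile


def key_perm_ok(path, uid=None):
    """Return (ok, reason). Mirrors OpenSSH's rule: the key is refused only
    when it is owned by the invoking user *and* any group/other bit is set.
    Files owned by another uid (e.g. root-owned host keys) pass unchanged."""
    st = os.stat(path)
    if uid is None:
        uid = os.getuid()
    if st.st_uid == uid and (st.st_mode & 0o077) != 0:
        mode = stat.S_IMODE(st.st_mode)
        return False, "Permissions %04o for '%s' are too open." % (mode, path)
    return True, ""


def stage_key(src, base_dir):
    """Copy src into a new 0700 directory under base_dir (intended to be a
    tmpfs like /dev/shm), creating the copy with mode 0600 *before* any key
    bytes are written so there is no window with a readable 0644 file."""
    work = tempfile.mkdtemp(prefix="sshkey-", dir=base_dir)  # mkdtemp => 0700
    dst = os.path.join(work, os.path.basename(src))
    with open(src, "rb") as f:
        data = f.read()
    fd = os.open(dst, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return dst


def scrub_key(path):
    """Overwrite, sync and unlink the staged copy and its directory. On tmpfs
    this releases the pages; on flash or journaling disks overwriting gives
    no guarantee, which is exactly why the staging area should be tmpfs."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        f.write(b"\0" * size)
        f.flush()
        os.fsync(f.fileno())
    os.unlink(path)
    os.rmdir(os.path.dirname(path))


def demo():
    """Constructed scenario: a placeholder key file given the 0644 mode a
    default VFAT mount presents. Returns (refused_before, accepted_by_other_owner,
    accepted_after_staging, staged_mode, scrubbed)."""
    base = tempfile.mkdtemp(prefix="sshdemo-")  # stands in for /dev/shm here
    src = os.path.join(base, "id_rsa")
    with open(src, "wb") as f:  # constructed placeholder, not a real key
        f.write(b"-----BEGIN OPENSSH PRIVATE KEY-----\nplaceholder\n"
                b"-----END OPENSSH PRIVATE KEY-----\n")
    os.chmod(src, 0o644)
    refused_before = not key_perm_ok(src)[0]
    # Same file, but pretend it belongs to a different uid: OpenSSH accepts it.
    other_owner_ok = key_perm_ok(src, uid=os.getuid() + 1)[0]
    staged = stage_key(src, base)
    accepted_after = key_perm_ok(staged)[0]
    staged_mode = stat.S_IMODE(os.stat(staged).st_mode)
    scrub_key(staged)
    scrubbed = not os.path.exists(staged)
    os.unlink(src)
    os.rmdir(base)
    return refused_before, other_owner_ok, accepted_after, staged_mode, scrubbed


if __name__ == "__main__":
    print(demo())
```

If you control the mount, the cleaner fix is to mount the VFAT volume with `-o fmask=077,dmask=077` so the files are presented as 0600/0700 and ssh accepts them directly; the staging helper is for the reporter's case of a guest account without root.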