[Bug 1806] New: SSH Client - Militant Identity File Permission Potentially Increases Security Risk

bugzilla-daemon at bugzilla.mindrot.org
Sat Aug 14 05:42:13 EST 2010


https://bugzilla.mindrot.org/show_bug.cgi?id=1806

           Summary: SSH Client - Militant Identity File Permission
                    Potentially Increases Security Risk
           Product: Portable OpenSSH
           Version: -current
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ssh
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: JakubSadowski at GMail.com


The SSH client (in all versions, on all UNIX-like platforms) that I've
ever used refuses to connect using a key file if its permissions are
"too open", with no option or bypass provided to the user.

This can potentially undermine the client's own goal of protecting keys
under some circumstances such as the one posted here: 
http://forums.debian.net/viewtopic.php?t=31129

My circumstance is similar in that I have an encrypted USB key with an
underlying VFAT filesystem which is used for securely storing all my
encryption keys.  It is sometimes used under a guest account on systems
with a default install to which I do not have root access.  The refusal
of the client to connect using this secured file forces me to copy it
to a home or temp directory and change the permissions.

Aside from being inconvenient it also introduces the risk that either
the user forgets to delete the key from the temporary location or that
the key is scraped from the hard drive at some future date (such as
after the machine it was used on is retired).  This also defeats the
purpose of keeping the key on a USB stick which is to keep it OFF of
local hard drives.

Some recommendations:
1) An override for the user.  Inform them, but allow them to "take it
under advisement", so to speak.
2) An ssh + ssh_config option to control this behaviour.

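The check the report runs into, and the workaround it describes, as an added example (this is not the reporter's code, nor OpenSSH's). The first function re-implements the client's identity-file test the way OpenSSH's authfile code applies it: the file is rejected only when it is owned by the calling user and any group/other permission bits (mode & 077) are set, which is exactly what happens on a VFAT mount whose files are owned by the mounting user with mode 0755. The second function addresses the "copy to a temp directory and forget it" risk: instead of the hard drive it uses a memory-backed tmpfs (assumed to be /dev/shm on a Linux host, and assumed to exist), makes a 0600 copy there, substitutes its path for a `{}` placeholder in the wrapped command, and removes the copy when the command finishes or the shell is interrupted. GNU `stat -c` is assumed; the `ssh` invocation in the comment is hypothetical.

```shell
#!/bin/sh
# Added example, not from the bug report or OpenSSH.  Assumes a Linux host
# with GNU coreutils (stat -c) and a tmpfs at /dev/shm.

# key_mode_ok FILE
# Returns 0 if ssh would accept FILE as an identity, 1 if it would refuse
# it as "too open", 2 if FILE cannot be inspected.  Mirrors the test in
# OpenSSH's authfile.c: owned by the caller AND (mode & 077) != 0 => refuse.
key_mode_ok() {
    f=$1
    [ -f "$f" ] || return 2
    mode=$(stat -c '%a' "$f") || return 2   # e.g. 644, 600
    owner=$(stat -c '%u' "$f") || return 2
    # 0$mode makes the shell parse the digits as octal.
    if [ "$owner" = "$(id -u)" ] && [ $(( 0$mode & 077 )) -ne 0 ]; then
        printf 'Permissions 0%s for %s are too open.\n' "$mode" "$f" >&2
        return 1
    fi
    return 0
}

# with_private_copy KEYFILE CMD [ARGS...]
# Copies KEYFILE into a fresh 0700 directory on tmpfs (memory-backed, so the
# key never lands on the local hard drive), with the copy itself 0600.  Every
# argument equal to "{}" is replaced by the copy's path before CMD runs.  The
# copy is removed afterwards, and on INT/TERM/HUP, so it cannot be forgotten.
# Usage (hypothetical host):  with_private_copy /media/usb/id_rsa ssh -i {} user@host
with_private_copy() {
    src=$1; shift
    base=${SSHKEY_SHM:-/dev/shm}
    if [ ! -d "$base" ]; then
        # Falling back to disk defeats the purpose; say so rather than hide it.
        echo "warning: $base missing, copy will be on disk in ${TMPDIR:-/tmp}" >&2
        base=${TMPDIR:-/tmp}
    fi
    dir=$(mktemp -d "$base/sshkey.XXXXXX") || return 1   # mktemp -d gives 0700
    copy=$dir/id
    ( umask 077 && cp "$src" "$copy" ) || { rm -rf "$dir"; return 1; }
    chmod 600 "$copy"
    trap 'rm -rf "$dir"' INT TERM HUP

    # Rotate the positional parameters once, swapping "{}" for the copy path.
    n=$#; i=0
    while [ "$i" -lt "$n" ]; do
        a=$1; shift
        [ "$a" = "{}" ] && a=$copy
        set -- "$@" "$a"
        i=$((i + 1))
    done

    if "$@"; then status=0; else status=$?; fi
    rm -rf "$dir"
    trap - INT TERM HUP
    return "$status"
}
```

`key_mode_ok` reports the same condition ssh does, so it can be run on a mounted USB stick before attempting a connection; `with_private_copy` is the counterpart the report asks for in the absence of a client override, and it still leaves the key in memory only for the lifetime of one command.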