Portable OpenSSH 2.5.1p1
Damien Miller
djm at mindrot.org
Sun Feb 25 09:22:11 EST 2001
On Mon, 19 Feb 2001, Gert Doering wrote:
> Hi,
>
> On Tue, Feb 20, 2001 at 03:00:00AM +1100, Damien Miller wrote:
> > 5) Important changes in the implementation of SSH 1 protocol:
> >
> > The OpenSSH server does not require a privileged source port for
> > RhostsRsaAuthentication, since it adds no additional security.
>
> I don't buy (understand?) that.
>
> Using RhostsRsaAuthentication, I can give user "A" the right to log
> into an account, but not user "B" on the same client machine.
>
> Requiring privileged ports for this means "user B can't compile his
> own ssh client that pretends he's user A", so user B can't easily
> hack into my account. Now if I don't trust "root" on the client
> machine, or if B can get root access, I'm lost anyway, that's true
> (but if they have root access, they can hijack my ssh sessions by
> fiddling with ttys, so in that case, I have lost in any case).
You are forgetting that the ssh client still needs access to the host's
*private* key to sign the authentication request. This still implies
a suid root client, but it is one less thing we need privileges for.
SSH.COM apparently implement this with a signing subprocess which is
sgid to a magic group which owns the host key. This does away with the
need to be suid root.
-d
--
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org / distributed filesystem'' - Dan Geer