Disabling Password-based auth? (was RE: recent breakins)
Jason Stone
jason at shalott.net
Fri Jun 1 23:59:13 EST 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> But it's not as simple as forwarding the password-based
> authentication. Regardless of what method was used to SSH from system
> one (user's) to system two (SF), the user then started up *a second*
> SSH session to go from two (SF) to three (Apache). There is no
> effective way for any authentication information from the first
> session to be passed to the second, in my mind.
>
> Remember that the SF servers had suffered a root compromise--so any
> non-password-based authentication that would allow the user on the SF
> system to get to the Apache systems could have been equally
> compromised.
That's exactly the point of SRP (well, one of the points) - it takes care
of that - even if the host in the middle has been compromised and the
attacker is sniffing all the ttys or something
One can imagine other ways of ssh'ing through multiple systems without
giving away passwords to the intermediate hosts. A trivial example -
instead of saying "ssh -t host1 ssh host2" we can say instead
"ssh -f -L 2222:host2:22 host1 'sleep 999999'; ssh -p 2222 localhost" -
the latter commandline never allows host1 to see the plaintext of your
password/key/whatever for host2.
-Jason
---------------------------
If the Revolution comes to grief, it will be because you and those you
lead have become alarmed at your own brutality. --John Gardner
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: See https://private.idealab.com/public/jason/jason.gpg
iD8DBQE7F5+1swXMWWtptckRAkBZAKCsXTzgmEebtaXiLaDiGfJwQVaqbACgpN2N
zPTJ9c7I+aKTnR/RnFUqw0w=
=TlgR
-----END PGP SIGNATURE-----
More information about the openssh-unix-dev
mailing list