Disabling Password-based auth? (was RE: recent breakins)

Jason Stone jason at shalott.net
Fri Jun 1 23:59:13 EST 2001

Hash: SHA1

> But it's not as simple as forwarding the password-based
> authentication.  Regardless of what method was used to SSH from system
> one (user's) to system two (SF), the user then started up *a second*
> SSH session to go from two (SF) to three (Apache).  There is no
> effective way for any authentication information from the first
> session to be passed to the second, in my mind.
> Remember that the SF servers had suffered a root compromise--so any
> non-password-based authentication that would allow the user on the SF
> system to get to the Apache systems could have been equally
> compromised.

That's exactly the point of SRP (well, one of the points) - it takes care
of that - even if the host in the middle has been compromised and the
attacker is sniffing all the ttys or something

One can imagine other ways of ssh'ing through multiple systems without
giving away passwords to the intermediate hosts.  A trivial example -
instead of saying "ssh -t host1 ssh host2" we can say instead
"ssh -f -L 2222:host2:22 host1 'sleep 999999'; ssh -p 2222 localhost" -
the latter commandline never allows host1 to see the plaintext of your
password/key/whatever for host2.


 If the Revolution comes to grief, it will be because you and those you
 lead have become alarmed at your own brutality.         --John Gardner

Version: GnuPG v1.0.6 (FreeBSD)
Comment: See https://private.idealab.com/public/jason/jason.gpg


More information about the openssh-unix-dev mailing list