Ldap and host keys

Damien Miller djm at mindrot.org
Wed Mar 7 10:47:58 EST 2001


On Tue, 6 Mar 2001, Steven Dean wrote:

> Hi,
>
> I am looking at the possibility of storing the public ssh host keys in ldap
> and having the clients look there rather then the standard known_hosts file.
> I am not looking at having the clients write anything to the ldap server just
> check the validity of the public keys.  Would there be any serious security
> implications with this type of setup?

You are trusting your LDAP server and LDAP client library, which is a fair
bit of code. What happens if your LDAP server is down or unavailable?
Will you fail-open or fail-closed? If you fail-open, then a DoS against
your LDAP server could be expanded to an attack against your clients,
if you fail-closed then an attack against your LDAP server is a very
effective DoS against all your clients.

If your LDAP server is not on that same machine as your ssh client, then
you are also trusting any networks between the two. LDAP over SSL/TLS
might mitigate this.

-d

-- 
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org          /   distributed filesystem'' - Dan Geer






More information about the openssh-unix-dev mailing list