vulnerability with ssh-agent

Keld Jørn Simonsen keld at dkuug.dk
Thu Jul 15 06:25:04 EST 2004


On Wed, Jul 14, 2004 at 03:02:38PM -0500, joshua stein wrote:
> > > if you have "an intruder with root privileges", you have bigger
> > > problems
> > 
> > Actually not necessarily so. The intruder with root privileges may have
> > broken in on my home system, but that is something I can deal with.
> > The intruder can via these techniques get access to some servers
> > where I have stored my dsa keys, and that would be a much bigger problem. 
> 
> and if i had root on your machine, what's to stop me from
> backdooring the ssh client/server, terminal handling, or anything
> else to completely bypass whatever changes you're requesting be made
> here?

I don't know, but it would easily take you more time than just saying:

SSH_AUTH_SOCK=/tmp/ssh-Cgk15536/agent.15536 ssh trusted.com

Furthermore my surveillance will report that you tampered with my ssh,
and you cannot get my dsa key out of the running ssh-agent.
You will have to wait for me to type in my passphrase again.
Chances are that I will detect you before that is done.

best regards
keld




More information about the openssh-unix-dev mailing list