vulnerability with ssh-agent

Ben Lindstrom mouring at etoh.eviladmin.org
Sun Jul 18 01:59:41 EST 2004



On Sat, 17 Jul 2004, Keld Jørn Simonsen wrote:

> On Wed, Jul 14, 2004 at 09:31:11PM +0200, Nils Larsch wrote:
> > Keld Jørn Simonsen wrote:
> > >Michael Stevens wrote:
> > >
> > >
> > >>If its in memory, you should assume that root can see it.
> > >
> > >
> > >yes, that is of course true, but I am not sure that the dsa key
> > >is in the memory of the ssh-agent, and I am not sure that it will be
> > >easily visible. I tried to find my dsa key in the /proc/pid/exe
> > >file of the ssh-agent with strings, but I could not find it.
> >
> > /proc/$PID/exe is a link to the executable file and _not_ the
> > process memory, for that you have /proc/$PID/mem (or /proc/kcore)
> > see the proc manpage
>
> Yes, I already found out, but it was a bit embarrassing to correct my
> mistake on the list. As you may have noticed, I am not a regular openssh
> hacker. My idea was to then use something like gdb to access the
> /proc/pid/mem to see if the keys were encrypted or not.
>
> I have taken the sources and done a little hacking, and I noticed a
> remark that the encryption of sensitive information in ssh-agent was a
> "TODO". So somebody other than me, and with enough status in the project
> to make comments on what to do, has also considered it a good
> idea to encrypt keys and other stuff.
>

You're misunderstanding the comment.  The comment is suggesting that when
ssh-agent is locked, all private data should be encrypted, beyond
setting the "locked" flag.

It is not an overall "keep everything encrypted that is private".

- Ben
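To make the distinction Ben draws concrete, here is an added example (not OpenSSH code, and not anything from the thread's participants). It contrasts a toy agent whose lock only sets a flag with one whose lock also wraps every held private key under a passphrase-derived key and zeroizes the plaintext. The `memory_image()` method stands in for what a dump of the agent's process memory (the `/proc/$PID/mem` mentioned above) would contain. The key bytes, agent class names and the HMAC-SHA256 counter-mode wrapping are all constructed for illustration; a real implementation would use a vetted AEAD rather than the hand-rolled keystream here.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets


def _derive_key(passphrase: bytes, salt: bytes) -> bytes:
    # scrypt turns the lock passphrase into a 32-byte wrapping key; cost
    # parameters are kept modest so the demo runs quickly.
    return hashlib.scrypt(passphrase, salt=salt, n=2 ** 14, r=8, p=1, dklen=32)


def _xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode as a keystream. Illustrative construction
    # only (assumed here for a stdlib-only demo); use a real AEAD in practice.
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, plaintext: bytes) -> tuple[bytes, bytes, bytes]:
    # Encrypt-then-MAC: a wrong passphrase is detected before anything is decrypted.
    nonce = secrets.token_bytes(16)
    ciphertext = _xor_keystream(key, nonce, plaintext)
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce, ciphertext, tag


def unseal(key: bytes, nonce: bytes, ciphertext: bytes, tag: bytes) -> bytes:
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("bad passphrase or corrupted blob")
    return _xor_keystream(key, nonce, ciphertext)


class FlagOnlyAgent:
    """Hypothetical agent whose lock is just a flag: requests are refused,
    but the private key bytes stay in memory as plaintext."""

    def __init__(self) -> None:
        self._keys: dict[str, bytearray] = {}
        self.locked = False

    def add_key(self, name: str, private_key: bytes) -> None:
        self._keys[name] = bytearray(private_key)

    def lock(self, passphrase: bytes) -> None:
        self.locked = True

    def unlock(self, passphrase: bytes) -> None:
        self.locked = False

    def sign(self, name: str, message: bytes) -> bytes:
        if self.locked:
            raise PermissionError("agent is locked")
        # Toy "signature": an HMAC over the message keyed with the private key bytes.
        return hmac.new(bytes(self._keys[name]), message, hashlib.sha256).digest()

    def memory_image(self) -> bytes:
        # Stand-in for a dump of the agent's process memory.
        return b"".join(bytes(v) for v in self._keys.values())


class SealingAgent(FlagOnlyAgent):
    """Hypothetical agent whose lock also encrypts every private key under a
    passphrase-derived key and zeroizes the plaintext copy it held."""

    def __init__(self) -> None:
        super().__init__()
        self._salt: bytes | None = None
        self._sealed: dict[str, tuple[bytes, bytes, bytes]] = {}

    def lock(self, passphrase: bytes) -> None:
        if self.locked:
            return
        self._salt = secrets.token_bytes(16)
        wrap = _derive_key(passphrase, self._salt)
        for name, buf in self._keys.items():
            self._sealed[name] = seal(wrap, bytes(buf))
            buf[:] = b"\x00" * len(buf)  # best-effort zeroization of the plaintext buffer
        self._keys.clear()
        self.locked = True

    def unlock(self, passphrase: bytes) -> None:
        if not self.locked:
            return
        wrap = _derive_key(passphrase, self._salt)
        # A wrong passphrase raises ValueError here and leaves the agent locked.
        restored = {name: bytearray(unseal(wrap, *blob)) for name, blob in self._sealed.items()}
        self._keys = restored
        self._sealed.clear()
        self._salt = None
        self.locked = False

    def memory_image(self) -> bytes:
        sealed = b"".join(n + c + t for n, c, t in self._sealed.values())
        return super().memory_image() + sealed


# Constructed sample key material, not a real key.
SAMPLE_KEY = b"-----BEGIN CONSTRUCTED TOY KEY-----\nAAAAB3NzaC1yc2EAAAADAQABAAAB\n-----END-----"


def key_visible_after_lock(agent: FlagOnlyAgent, passphrase: bytes = b"lock-pw") -> bool:
    """Return True if the plaintext key can still be found in the agent's memory image once locked."""
    agent.add_key("id_dsa", SAMPLE_KEY)
    agent.lock(passphrase)
    return SAMPLE_KEY in agent.memory_image()


if __name__ == "__main__":
    print("flag-only agent leaks key when locked:", key_visible_after_lock(FlagOnlyAgent()))
    print("sealing agent leaks key when locked:  ", key_visible_after_lock(SealingAgent()))
```

Note that Python cannot guarantee no other copy of the key bytes survives (the `bytes(buf)` passed to `seal` is one), so the zeroization is best-effort; a C implementation would wipe a single owned buffer with `explicit_bzero` or equivalent. The point the example makes is the one from the reply above: a lock flag alone changes what the agent will answer, not what its memory contains.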