Trick user to send private key password to compromised host
Jefferson Ogata
Jefferson.Ogata at noaa.gov
Wed May 14 10:01:39 EST 2008
On 2008-05-13 22:19, Dan Yefimov wrote:
> On Tue, 13 May 2008, Jefferson Ogata wrote:
>>> This problem along with backups or NFS/CIFS traffic dumps being available to
>>> the attacker has nothing to do with OpenSSH at all. Those are political and too
>>> generic issues. If you care so much about security, keep your backups in a
>>> secure place and never use NFS-backed homes over insecure networks. As for
>>> CIFS, AFAIK it can use SSL.
>> Of course this is an issue for openssh; matters such as network home
>> directories and backup policies are not under openssh's control, but
>> openssh's private key handling IS under openssh's control. Do you even
>> understand the purpose of the private key passphrase? It appears not...
>>
> Strange assertion. Of course, I understand the purpose of the private key
> password.
That's not evident given your irrelevant comment that "the private key
is NEVER transmitted via the network by SSH". The passphrase exists *in
case* the private key file is compromised nevertheless. All this talk
about network home directories and other nonsense is a red herring; one
has to protect the passphrase with as much zeal as the private key file
if the private key is to remain secure.
If the original poster had described a way the private key file could be
recovered by the remote host, but not the passphrase, would you be as
dismissive about it? Is it not clear to you that it's important to
protect both?
>> Openssh can and should write something indicating the the private key
>> was successfully decrypted before continuing authentication, let alone
>> requesting a shell. Arguably it should similarly print something if the
>> private key was successfully retrieved from ssh-agent.
>
> And it can do that when run with -vv command line argument, if desired.
That's obviously not workable, unless you want a ton of debugging
information.
>> This feature could be under control of a directive, of course.
>>
> Or under command line argument's control, like it is done currently.
Done how, other than by using -vv?
--
Jefferson Ogata <Jefferson.Ogata at noaa.gov>
NOAA Computer Incident Response Team (N-CIRT) <ncirt at noaa.gov>
"Never try to retrieve anything from a bear."--National Park Service
More information about the openssh-unix-dev
mailing list