Trick user to send private key password to compromised host
Dan Yefimov
dan at nf15.lightwave.net.ru
Wed May 14 15:26:24 EST 2008
On Wed, 14 May 2008, Jefferson Ogata wrote:
> > Strange assertion. Of course, I understand the purpose of the private key
> > password.
>
> That's not evident given your irrelevant comment that "the private key
> is NEVER transmitted via the network by SSH". The passphrase exists *in
> case* the private key file is compromised nevertheless. All this talk
> about network home directories and other nonsense is a red herring; one
> has to protect the passphrase with as much zeal as the private key file
> if the private key is to remain secure.
>
> If the original poster had described a way the private key file could be
> recovered by the remote host, but not the passphrase, would you be as
> dismissive about it? Is it not clear to you that it's important to
> protect both?
>
There's nothing to debate here. You're talking about obvious matters.
> >> Openssh can and should write something indicating the private key
> >> was successfully decrypted before continuing authentication, let alone
> >> requesting a shell. Arguably it should similarly print something if the
> >> private key was successfully retrieved from ssh-agent.
> >
> > And it can do that when run with -vv command line argument, if desired.
>
> That's obviously not workable, unless you want a ton of debugging
> information.
>
But that information is needed only in case of doubt. One obviously doesn't want
it all the time. But if someone wants to, he can edit sshconnect{1,2}.c replacing
the corresponding debug2() calls with calls to verbose() or logit() within the
functions try_rsa_authentication() and load_identity_file().
--
Sincerely Yours, Dan.