OpenSSH daemon security bug?

Andreas Gunnarsson andreas at zzlevo.net
Wed Jan 6 05:27:00 EST 2010 

On Tue, Jan 05, 2010 at 05:13:41PM +0000, Davi Diaz wrote:
> If users does not agree [on following the security policy], I would be
> even against adding ssh-key access to the current password based
> access because ssh-key without a good key policy management is less
> secure even if the public key has to be included in the
> 'authorized_keys' file on the server.

Password authentication with a weak password is in itself no more secure
than public key authentication where the private key is protected with a
weak password. In the former case the attacker only needs to guess the
password, in the latter case they also need to get the private key.
Knowledge of the public key does not help an attacker.

A potential risk with public key authentication is that if an attacker
does find the encrypted private key they will be able to try passwords
offline, without contacting the server until the correct one was
guessed.

On the other hand, an attacker who manages to get hold of the server's
host key could be able to do a man-in-the-middle attack on users who log
in using password authentication. Such an attack is not possible with
public key authentication.

And if the server is compromised, password authentication allows the
attacker to collect users' passwords which most likely will be valid for
other sites. If public key authentication is used, the attacker will not
be able to collect the private keys (unless they are stored on the
compromised system and the user unlocks it while logged on there of
course).

So which authentication method is best depends on the circumstances.
Public key authentication with a well protected private key may be
perfectly secure even without a passphrase. Automatic jobs often use
passwordless private keys if they need to connect to another host, for
example. But unless the private key is somehow made publicly available,
I would say that public key authentication is "more secure" in most
cases.

Of course, for interactive use, a private key with a good passphrase is
better than one with a week passphrase in almost all cases.

   Andreas

More information about the openssh-unix-dev mailing list