OpenSSH daemon security bug?

Michael Stone mstone at mathom.us
Wed Jan 6 07:31:34 EST 2010 

On Tue, Jan 05, 2010 at 11:06:28AM -0800, Jamie Beverly wrote:
>More to the point, password authentication is fundamentally less secure than ssh public key authentication. The comparisons being made here are seemingly getting hung up on the word "password", and supposing that the weakness of one password is the same as the weakness of another. They are not.
>
>The password on a private key helps to protect that private key from being stolen. However, the most often exploited, and hence far greater risks are brute-force/dictionary attacks and password interception. 

So you're commonly seeing network-based brute-force (not dictionary) 
attacks against passwords via SSH? That's the brute-force risk that 
you're mitigating by going to private keys. In my experience the 
password compromises via SSH are for passwords like "admin" and 
"password"--which you can mitigate perfectly well without going to key 
based auth. If you're really curious about this you can gin up a ssh 
that logs incoming passwords and see what people are actually trying.  
(The other major vector is password capture at a compromised endpoint, 
but keys in themselves aren't going to help you there.) I don't think 
anyone can argue that there aren't issues with SSH passwords being 
attacked these days, but those are pretty much always "stupid password" 
issues rather than "password" issues. One way to mitigate that is to 
make a bunch of configuration changes to disallow passwords.  Another 
way to mitigate that is to make a bunch of configuration changes to 
disallow stupid passwords. In general the problem tends to be that 
someone didn't configure things up front to disallow stupid passwords 
and then blamed the technology rather than the configuration.

>As dkg points out, you have to trust your users not to do stupid things, and more often than not, continue to find yourself disappointed when they do in fact, do stupid things. That said, there is NO case where password authentication is MORE, or even nearly AS secure as private key authentication. Public key authentication mitigates more risk.Period. 

Spoken as someone who hasn't seen massive network compromises caused by 
poorly managed SSH keys? Public keys mitigate *different* risks and have 
*different* vulnerabilities. Making any kind of general pronouncement is 
dangerously oversimplifying things.

Put a different way: given your particular threat profile, is a 2048 bit 
key less secure than a 4096 bit key? Would a 8192 bit key add a lot to 
your security? Sometimes security has nothing to do with the math and a 
lot more to do with the implementation and the human factors.

Mike Stone

More information about the openssh-unix-dev mailing list