OpenSSH daemon security bug?

Jefferson Ogata Jefferson.Ogata at noaa.gov
Wed Jan 6 22:48:43 EST 2010


On 2010-01-06 10:21, Aris Adamantiadis wrote:
> Jefferson Ogata wrote:
>> I'm not lucky. If you've seen someone steal a key *and* a passphrase and
>> use it, you're the lucky/unlucky one. I've been doing incident response
>> for over 10 years and I've never seen that happen.
> 
> I've got feedback of pentesters actually doing that almost each time
> they do a pentest and succeed. Either they compromise the private keys by
> stealing the password (keypress sniffer, console sniffer, ...) or by
> fetching the decrypted key in the user agent. Encrypted key files are a
> layer of protection but they can't stop a competent intruder who can sit
> down and wait until you actually use your key.

That is true. But the vast majority of intruders are incompetent.

As for your pen-testers, they had to get on the box with the private key
somehow before they could perform that attack. And they're pen-testers.
Have you ever seen this happen in a genuine intrusion?

-- 
Jefferson Ogata <Jefferson.Ogata at noaa.gov>
NOAA Computer Incident Response Team (N-CIRT) <ncirt at noaa.gov>
"Never try to retrieve anything from a bear."--National Park Service


More information about the openssh-unix-dev mailing list