OpenSSH daemon security bug?
Jefferson Ogata
Jefferson.Ogata at noaa.gov
Wed Jan 6 22:48:43 EST 2010
On 2010-01-06 10:21, Aris Adamantiadis wrote:
> Jefferson Ogata a écrit :
>> I'm not lucky. If you've seen someone steal a key *and* a passphrase and
>> use it, you're the lucky/unlucky one. I've been doing incident response
>> for over 10 years and I've never seen that happen.
>
> I've got feedback of pentesters actually doing that almost each time
> they do a pentest and succed. Either they compromise the private keys by
> stealing the password (keypress sniffer, console sniffer, ...) or by
> fetching the decrypted key in the user agent. Encrypted key files are a
> layer of protection but they can't stop a competent intruder who can sit
> down and wait until you actually use your key.
That is true. But the vast majority of intruders are incompetent.
As for your pen-testers, they had to get on the box with the private key
somehow before they could perform that attack. And they're pen-testers.
Have you ever seen this happen in a genuine intrusion?
--
Jefferson Ogata <Jefferson.Ogata at noaa.gov>
NOAA Computer Incident Response Team (N-CIRT) <ncirt at noaa.gov>
"Never try to retrieve anything from a bear."--National Park Service
More information about the openssh-unix-dev
mailing list