Repost: [patch] Automatically add keys to agent

Hank Leininger hlein at korelogic.com
Fri Jan 29 08:59:45 EST 2010


On Mon, Jan 18, 2010 Joachim Schipper wrote:
> What this patch does can be described as follows:
> 
> Without:
> you at local$ ssh somehost
> Enter passphrase for RSA key 'foo': 
> you at somehost$ exit
> $ ssh otherhost
> Enter passphrase for RSA key 'foo':
> you at otherhost$
> 
> With:
> you at local$ ssh somehost
> Enter passphrase for RSA key 'foo': 
> you at somehost$ exit
> $ ssh otherhost
> you at otherhost$
> 
> That is, it means you don't have to type the passphrase twice.

This sounds very convenient.

It also sounds very dangerous.

Imagine an attacker has access to your account on a target system.  They
modify your authorized_keys file to add a command="" (or muck with your
.bashrc or similar) to run this script when you connect:

  #!/bin/bash

  stty -echo
  echo -n "Enter passphrase for RSA key 'foo': "
  read GOTCHA
  stty echo
  echo
  echo "gotcha, passphrase is: '$GOTCHA'"

[ And of course a real attack would stash or forward your passphrase, and
  just exec a shell so you think everything's normal. ]

This is a concern with regular ssh setups as well: any time you ssh to a
remote host using a passphrase-protected key, the remote host may try
feeding you a bogus prompt and you might fall for it, thus giving away
your passphrase (which is one of the problems with password-auth that
key-auth is supposed to improve on).  The ways to avoid ever falling
into this trap:

1) Always ssh with -v, and read the verbose messages every time, so you
   are certain you know where the prompt originated.  Not likely.

2) Always ssh-add your passphrases locally first, before ssh'ing
   anywhere.  For best results, set BatchMode=yes by default in
   ~/.ssh/config so that you will never ever ever be prompted
   legitimately; the connection will simply fail until you remember
   to ssh-add.  Therefore any time you are ever prompted when ssh'ing
   somewhere, you are being messed with.

Your patch undermines 2).  If it became a standard practice to
"transparently add a passphrase to the agent the first time a key is
used", then people will get used to the behavior that they sometimes
have to enter their passphrase when ssh'ing somewhere, and sometimes
don't.  That will make them more willing victims.  It's like sending
users "secure" self-extracting encrypted archives, teaching people that
it's sometimes OK after all to execute .exe's they receive in
emails--undermines best-practice training and will end badly.

-- 

Hank Leininger <hlein at korelogic.com>
BE5D FCCA 673B D18B 98A9  3175 896E 3D4A 1B4D C5AC
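As an added example, not code from this post or from OpenSSH, the following POSIX shell fragment puts rule 2) above into practice: it writes `BatchMode yes` for all hosts into ~/.ssh/config (so ssh never legitimately prompts), and wraps ssh so that it refuses to connect unless `ssh-add -l` reports that the agent already holds at least one identity. The exit statuses of `ssh-add -l` (0 = identities loaded, 1 = agent reachable but empty, 2 = agent not reachable) are OpenSSH's real ones; the function names and the config path argument are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the mailing-list post): enforce "ssh-add first,
# never be prompted" so that any passphrase prompt seen mid-session is bogus.
# Assumes OpenSSH's ssh and ssh-add; helper names are this example's own.

# ssh_config fragment: disable all interactive prompts for every host.
SSH_CONFIG_FRAGMENT='Host *
    BatchMode yes
'

# Return 0 if the given ssh_config file enables BatchMode, 1 otherwise.
batchmode_enabled() {
    grep -qiE '^[[:space:]]*BatchMode[[:space:]=]+yes' "$1"
}

# Append the fragment to the config file (default ~/.ssh/config) unless it
# already enables BatchMode; keeps the file private.
install_batchmode() {
    cfg="${1:-$HOME/.ssh/config}"
    if [ -f "$cfg" ] && batchmode_enabled "$cfg"; then
        return 0
    fi
    mkdir -p "$(dirname "$cfg")"
    printf '%s' "$SSH_CONFIG_FRAGMENT" >> "$cfg"
    chmod 600 "$cfg"
}

# Map the exit status of `ssh-add -l` to an explanation for the user:
# 0 = identities loaded, 1 = agent running but empty, 2 = no agent reachable.
describe_agent_status() {
    case "$1" in
        0) echo "agent has identities loaded" ;;
        1) echo "agent running but no identities: run ssh-add first" ;;
        2) echo 'cannot contact ssh-agent: start one with: eval "$(ssh-agent -s)"' ;;
        *) echo "unexpected ssh-add status $1" ;;
    esac
}

# Wrapper for ssh: connect only when the agent already holds a key, and pass
# BatchMode=yes explicitly so no prompt can be legitimate during the session.
safe_ssh() {
    ssh-add -l >/dev/null 2>&1
    status=$?
    if [ "$status" -ne 0 ]; then
        echo "safe_ssh: $(describe_agent_status "$status")" >&2
        return "$status"
    fi
    ssh -o BatchMode=yes "$@"
}
```

Usage: `install_batchmode` once, `eval "$(ssh-agent -s)"; ssh-add` at the start of the day, then `safe_ssh user@host`. One caveat a practitioner should expect: BatchMode also suppresses host-key confirmation, so the first connection to a host whose key is not yet in known_hosts fails rather than asking; add the host key through a verified channel before connecting.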