SSHamble pubkey-hunt defense?

Jochen Bern Jochen.Bern at binect.de
Tue May 5 18:49:52 AEST 2026


On 04.05.26 at 08:47, Catalin Patulea wrote:
> On Sun, May 3, 2026 at 6:26 PM HD Moore <hdm at runzero.com> wrote:
>> I can't speak for the OpenSSH team, but had a couple thoughts
>> on this topic:

More random thoughts:

>> 1. Moving to SSH certificates may mitigate this without requiring
>>    code changes to any clients/servers.

Does that mean that, in an environment that does *not* (yet ...) use a 
central SSH CA, it would be advantageous to tell users to set up their 
own CA, give themselves a (supposedly long-lived) cert, and configure 
the CA's cert instead of their normal pubkey onto the target hosts 
(where supported)?

>> 2. It would help if the pub key check sent proof of ownership of
>>    the private key (even a signed challenge of something basic/
>>    reusable like the date in UTC). There's probably a million
>>    reasons why this is a bad idea [...]

As a staunch user of the "-c" option to ssh-add: Would/should the 
creation of such a "trivial" signature trigger the user interaction, 
too? Possibly for *each* keypair in the agent, until the trial-and-error 
hits one that the server's willing to accept?

Should the agent try to reduce the interactions to one for 
timestamp-signing across *all* loaded keypairs (so as to keep an attack 
that tries to pre-create and exfiltrate signatures for the next X hours 
visible), and one for the "real" use of the keypair eventually selected 
... ?

(... and can we please have something done about every "would you accept 
this keypair?" - "no" exchange still being counted as a "failed *login* 
attempt" on the server side while we^H^Hyou're at it ... :-3 )

Kind regards,
-- 
Jochen Bern
Systems Engineer
Binect GmbH
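
The self-run CA setup asked about in the message above, as an added example that is not part of the original post or of OpenSSH's documentation: a user creates a personal CA, signs their own key, and places the CA public key (not the user key) in authorized_keys on the target host. The file names, the principal "alice", the key ID "alice-laptop" and the 52-week lifetime are assumptions, and the keys are throwaway demo keys.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Names (user_ca, alice, alice-laptop)
# and the 52-week lifetime are assumptions; keys are throwaway demo keys.
set -eu

# Create a personal user CA and an ordinary user keypair in directory $1.
make_keys() {
  # Empty passphrases only so the demo runs unattended; protect a real CA key.
  ssh-keygen -q -t ed25519 -N '' -C 'personal-user-ca' -f "$1/user_ca"
  ssh-keygen -q -t ed25519 -N '' -C 'alice@laptop'     -f "$1/id_ed25519"
}

# Sign the user key: writes $1/id_ed25519-cert.pub next to the key.
issue_cert() {
  ssh-keygen -q -s "$1/user_ca" -I alice-laptop -n alice -V +52w \
    "$1/id_ed25519.pub"
}

# Line for ~/.ssh/authorized_keys on the target host: trusts the CA
# (not the user key itself) and only for certs naming principal "alice".
authorized_keys_line() {
  printf 'cert-authority,principals="alice" %s\n' "$(cat "$1/user_ca.pub")"
}

# Fingerprint of the CA key, and of the CA recorded inside the cert.
ca_fingerprint()  { ssh-keygen -l -f "$1/user_ca.pub" | awk '{print $2}'; }
cert_signing_ca() { ssh-keygen -L -f "$1/id_ed25519-cert.pub" |
                    awk '/Signing CA:/ {print $4}'; }

demo_dir=$(mktemp -d)
make_keys "$demo_dir"
issue_cert "$demo_dir"
authorized_keys_line "$demo_dir"
ssh-keygen -L -f "$demo_dir/id_ed25519-cert.pub"   # inspect principals/validity
```

The ssh client loads `id_ed25519-cert.pub` automatically when it sits next to the identity file, so no client configuration change is needed for the certificate to be offered.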