OpenSSH daemon security bug?

Jamie Beverly jamie.beverly at yahoo.com
Thu Jan 7 06:16:18 EST 2010 

----- Original Message ----

> From: Davi Diaz <davi at leals.com>
> To: openssh-unix-dev at mindrot.org
> Cc: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
> Sent: Wed, January 6, 2010 10:29:59 AM
> Subject: Re: OpenSSH daemon security bug?
> 
> Daniel Kahn Gillmor wrote:
> > "ssh -A" *will* expose the ability to *use* the private key to
> > the remote host, unless your agent is configured to prompt the user
> > before using the key ("ssh-add -c").
> >
> > So [...] the remote host [...] will have effective access to the key.
> 
> 
> > See Matt Taggart's "Good Practices for ssh" for more tips:
> >   http://lackof.org/taggart/hacking/ssh/
> 
> In my opinion this is a misfeature which removes any good from key based 
> security because you depend on good practices.

Agent forwarding is a good thing in most cases. It prevents you from having to copy private keys around, but they do certainly have risks. If you forward your agent to a host with root users you do not trust (perhaps via privilege escalation), they will indeed be able to use your agent for the duration you remain connected. They will not be able to obtain your keys, be able to continue using your keys once you have disconnected (or lock your agent). They have never taken your authentication token itself.

Compare this with the risk of connecting to a host with untrusted root users and entering a password. Here, your authentication token itself has been harvested, and when you disconnect, they still possess it, and can continue to use it.

So while you should _NEVER_ forward an unlocked ssh-agent to a host you do not trust completely, it exposes only a temporary risk, and that risk is sufficiently less than requiring the transmission of the authentication token itself.

> 
> Back to use account-passwords access only.
> 

If the risks of public key authentication are too great for your use-case, going to a less secure mechanism will certainly not improve things. You should look to PKCS#11, RSA SecurID (one-time-passwords with PIN), or similar mechanisms.

More information about the openssh-unix-dev mailing list