[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <45C9F72A.4070000@p6drad-teel.net>
Date: Wed, 07 Feb 2007 17:58:34 +0200
From: Siim Põder <windo@...rad-teel.net>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: (Psexec on *NIX)
Yo!
Stan Bubrouski wrote:
> On 2/2/07, Tyop? <tyoptyop@...il.com> wrote:
>> key-based login without passphrase is like eating cheese without
>> bred. useless (IMHO).
>>
>
> Totally, if someone compromises the machine and gets root they get all
> your keys and without a passphrase... yeah no good.
If someone comprimises the machine and gets root your keys are very
likely to be compromised any way. Root can easilly trojan your or
ssh/ssh-agent and retrieve the keys.
Same goes for passwords (although they have to be picked one at a time).
Realistically, it is a pain to have all different passwords for all the
different boxes. You can remember maybe something like 25 or so
passwords if they are complex (if you do better then i'm happy for you)
so you could propably use that if you are managing that kind of number
of different boxes (or sets of similar boxes, if you use the same
password in some cases).
Also, with passwords you have to type them in when you log in to other
machines, so it's possible to lose the password if any host in the chain
is compromised - which is not the case for key auth and agent forwarding.
For key auth and agent forwarding, the issue is that your keys could be
used (not read) while your agent is forwarded.
Now, I presume that I can keep my computer from being compromised. If i
can't do that, I am fucked anyway. I keep the keys in my computer.
Next, I create two sets of private keys, one that I use for user
accounts "gateway hosts" (to get to the machines not directly
accessible) that I ssh-add to my ssh-agent and allow anyone to use.
The second key is used for accounts that I can get root with and I add
them with ssh-add -c so that I would be alerted every time their usage
is requested (SSH_ASKPASS). I forward the agent only to those gateway hosts.
The alert box pops up on my screen with default "Confirm" button
selected so I have to do an extra enter keypress for each logon. You
could require some sort of easy password be typed to the confirmation
box, so that some clever hacker couldn't monitor a remote session of
yours and make his login attempt exacly when you are about to press
enter anyway.
I think it's pretty solid and also comfortable, what do you think?
Siim Põder
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists