
The coming Web security woes (News.com)

Posted Jul 12, 2005 3:55 UTC (Tue) by rqosa (guest, #24136)
In reply to: The coming Web security woes (News.com) by dlang
Parent article: The coming Web security woes (News.com)

Simply breaking into an ssh server shouldn't be sufficient to get people's private keys, because there's never any need to store private keys on a machine with sshd running (or any outward-facing open ports) or transmit them over a network; if someone does that, it's their own fault.

Also, there's the possibility of using different keys for each server one connects to.



The coming Web security woes (News.com)

Posted Jul 12, 2005 5:04 UTC (Tue) by dlang (subscriber, #313)

you could use different keys for each server, but more important than that is to use different passphrases for each key, and now you're back to remembering a different password (passphrase) for each server, which is not practical for most people.

transitive trust attacks don't come from attacking the server, they come from attacking the client machine, gaining control of that machine and then accessing the machines that trust it (sometimes accessing them directly, frequently accessing them through the first compromised machine)

the server being accessed through SSH only knows that the connection is coming from machine A, it doesn't have any idea if it is joe user or henry hacker that's making that connection, the server is trusting the security of machine A to enforce that.

when people don't lock things down by IP as well you don't even know that the connection is coming from machine A, you just know it's coming from someone who has access to the cert, this could be joe user on his laptop, or it could be henry hacker who installed a keystroke logger on Joe's machine to get his passphrase and copied his keys while he was in there.

David Lang
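
Locking a key down by IP, as mentioned in the comment above, is done in OpenSSH with the `from="pattern-list"` option in `authorized_keys`. The following is an added example, not part of the original comments: a small audit that lists keys usable from any address. The sample file, its hosts and its key material are constructed placeholders.

```python
import re

# An entry with no options field starts directly with the key type.
KEY_TYPE = re.compile(r"^(ssh|ecdsa|sk)-\S+$")
# Options field: non-space characters, where quoted values may contain spaces.
OPTIONS_FIELD = re.compile(r'^((?:[^\s"]|"(?:[^"\\]|\\.)*")+)\s+(.*)$')
# One option: a name, optionally followed by ="quoted value".
OPTION = re.compile(r'([A-Za-z-]+)(?:="((?:[^"\\]|\\.)*)")?')

def parse_entry(line):
    """Return (options, key_type, comment), or None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    options = {}
    if not KEY_TYPE.match(line.split(None, 1)[0]):
        m = OPTIONS_FIELD.match(line)
        if not m:
            return None
        options = {n.lower(): v for n, v in OPTION.findall(m.group(1))}
        line = m.group(2)
    fields = line.split(None, 2)
    return options, fields[0], fields[2] if len(fields) > 2 else ""

def audit(text):
    """List (comment, finding) for keys that are not pinned to a source address."""
    findings = []
    for raw in text.splitlines():
        entry = parse_entry(raw)
        if entry is None:
            continue
        options, _key_type, comment = entry
        patterns = [p.strip() for p in options.get("from", "").split(",") if p.strip()]
        if not patterns:
            findings.append((comment, "no from= restriction"))
        elif "*" in patterns:
            findings.append((comment, "from= matches every host"))
    return findings

# Constructed sample; the key material is placeholder text, not real keys.
SAMPLE = '''\
# constructed authorized_keys sample
ssh-ed25519 AAAAplaceholderkey1 joe@laptop
from="192.0.2.10",no-agent-forwarding ssh-ed25519 AAAAplaceholderkey2 joe@machineA
from="*",command="/usr/bin/backup run" ssh-rsa AAAAplaceholderkey3 backup job
'''

if __name__ == "__main__":
    for comment, finding in audit(SAMPLE):
        print(f"{comment}: {finding}")
```

A `from=` restriction only narrows where a copied key can be used from; it does nothing if the permitted client machine itself is under someone else's control.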

The coming Web security woes (News.com)

Posted Jul 12, 2005 6:18 UTC (Tue) by rqosa (guest, #24136)

> transitive trust attacks don't come from attacking the server, they come from attacking the client machine, gaining control of that machine and then accessing the machines that trust it

But attacking a client machine, which presumably has no outward-facing open ports, is more difficult than attacking a server, and once a client machine has been compromised it could have a keystroke logger installed so a transitive trust attack could be done even if the user is using plain old passwords for authentication. OTOH, there's one-time passwords...

The coming Web security woes (News.com)

Posted Jul 12, 2005 13:51 UTC (Tue) by emkey (guest, #144)

Even one time passwords will not fully protect you.

The wider your trust boundary, the better the odds of compromise. The more critical/sensitive the application, the smaller that trust boundary should be.

ssh is a great tool. However, it is not magic. It is only as good as the underlying protocols and codebase allow it to be.

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds