LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 16, 2012

Book review: Open Advice

Linux support for ARM big.LITTLE

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora intrusion update

Fedora intrusion update

Posted Sep 21, 2008 10:52 UTC (Sun) by tialaramex (subscriber, #21167)
In reply to: Fedora intrusion update by dowdle
Parent article: Fedora intrusion update

An unprotected key is a good bet actually. Far, far too many people have SSH keyfiles with no passphrase.

Unlike poor quality passwords there's no way to test for it on the server, the SSH client, understandably, doesn't advertise how well protected your keys are, so the server has to assume you're protecting them adequately.

While password discovery would be a big threat for an organised attack, since passwords are notoriously poorly protected by users, an unprotected SSH key is a lot more plausible as an attack of opportunity - a bad guy finds a SSH account somewhere, it has an unprotected key, and he uses the known hosts lists* to break into all the machines where it is valid. He's looking through the list for anything interesting and sees - aha- a Red Hat development machine.

* Well known vulnerability: SSH clients store the list of hosts they've previously connected to in plaintext, in order to facilitate fast confirmation of previously seen host keys. This list is stored with similar privileges (and often adjacent) to the private key material. So someone who can steal the key can nearly always also steal a list of hosts where it is most likely to be valid. The best available threat reduction is a hashing phase, which stores only a hash of the destination hosts, increasing the work needed for an attacker to identify the hosts. But this reduction is far from completely effective and is not widely enabled anyway, particularly by the sort of person who doesn't bother to have a good passphrase for their key.

(Log in to post comments)

Fedora intrusion update

Posted Sep 21, 2008 16:09 UTC (Sun) by johill (subscriber, #25196) [Link]

As far as I know, ssh hasn't stored the known hosts in plaintext for a long time, they are hashed now so you can match host -> entry but not do entry -> host.

Fedora intrusion update

Posted Sep 21, 2008 16:11 UTC (Sun) by johill (subscriber, #25196) [Link]

Oh, sorry, you had mentioned the hashing and I just read too fast, but it is indeed enabled by default on many distros now and I don't see a good way to crack it. .bash_history might be a better venue.

Fedora intrusion update

Posted Sep 21, 2008 16:43 UTC (Sun) by gmaxwell (subscriber, #30048) [Link]

I am aware of HashKnownHosts, but is anyone actually using it?

As far as I can tell it's not on by default in Fedora 9. It's kind of an annoying feature, if it were on I'd probably turn it off. The increase in security is minimal due to the existence of bash history.

The reason users don't encrypt their ssh key is because they don't want spend their lives typing passwords over and over again. Since in *theory* a users SSH keys should only be on a system they are sitting at (further intermediate hops should be handled via ssh-agent) it may not be unreasonable to use some pam/kernel_keyring integration so that the ssh key is at least encrypted with some derivative of their login password.


Fedora intrusion update

Posted Sep 25, 2008 1:56 UTC (Thu) by jimparis (subscriber, #38647) [Link]

> I am aware of HashKnownHosts, but is anyone actually using it?

It has been the default in Debian since May 26, 2005.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds