I currently use ssh for various logins from home and from work.
I have set up the logins so that they work without me entering a password or key phrase at all, i.e. I *think* when asked for a key to generate the encrypted string used for authorisation I entered nothing.
I know this creates some security holes but I'm not at all clear what they are really, can anyone elucidate? I realise that anyone with access to my work machine or my home machine will be able to login to these remote systems without knowing the password but that's not a big problem really, there is far more important and sensitive information on my desktop machines than there is on the places where I remotely login. Is this the only risk or is the encryption inherently weaker if I didn't enter a key?
On Thursday 19 May 2005 4:34 pm, Chris Green wrote:
I know this creates some security holes but I'm not at all clear what they are really, can anyone elucidate? I realise that anyone with access to my work machine or my home machine will be able to login to these remote systems without knowing the password but that's not a big problem really, there is far more important and sensitive information on my desktop machines than there is on the places where I remotely login. Is this the only risk or is the encryption inherently weaker if I didn't enter a key?
The encryption is no weaker, but the public key is.
So if one of your machines gets somehow compromised and the keys get copied then the attacker can log into your remote machines without knowing any additional passwords. Essentially you have taken the something you are, something you have, something you know security model and broken it down to the point where you are only using one of those factors...this is never a great idea.
You could mitigate this potential security risk somewhat by limiting where your remote machines will accept ssh connections from, but this is only a small step in security improvement compared to having passphrase protected keys.
It's pretty much the computing equivalent of leaving a set of your car keys on your desk at all times, complete with a keyring providing your vehicle registration. Fine if you trust everybody that potentially has access to your desk.
That said, I am guilty of doing the same thing so that an automated script can rsync important docs on my laptop to the home machine. But I am very conscious of the fact that should I ever lose my laptop I'd better be getting my backside home to change the Private Key ASAP.
On Thu, May 19, 2005 at 06:13:45PM +0100, Wayne Stallwood wrote:
On Thursday 19 May 2005 4:34 pm, Chris Green wrote:
I know this creates some security holes but I'm not at all clear what they are really, can anyone elucidate? I realise that anyone with access to my work machine or my home machine will be able to login to these remote systems without knowing the password but that's not a big problem really, there is far more important and sensitive information on my desktop machines than there is on the places where I remotely login. Is this the only risk or is the encryption inherently weaker if I didn't enter a key?
The encryption is no weaker, but the public key is.
So if one of your machines gets somehow compromised and the keys get copied then the attacker can log into your remote machines without knowing any additional passwords. Essentially you have taken the something you are, something you have, something you know security model and broken it down to the point where you are only using one of those factors...this is never a great idea.
You could mitigate this potential security risk somewhat by limiting where your remote machines will accept ssh connections from, but this is only a small step in security improvement compared to having passphrase protected keys.
It's pretty much the computing equivalent of leaving a set of your car keys on your desk at all times, complete with a keyring providing your vehicle registration. Fine if you trust everybody that potentially has access to your desk.
Well I do that as well! :-)
That said, I am guilty of doing the same thing so that an automated script can rsync important docs on my laptop to the home machine. But I am very conscious of the fact that should I ever lose my laptop I'd better be getting my backside home to change the Private Key ASAP.
Yes, that's one of my reasons for doing it as well.
Thanks for the excellent explanation of what the risks are, knowing what they are is half the battle.
Chris Green wrote:
On Thu, May 19, 2005 at 06:13:45PM +0100, Wayne Stallwood wrote:
That said, I am guilty of doing the same thing so that an automated script can rsync important docs on my laptop to the home machine. But I am very conscious of the fact that should I ever lose my laptop I'd better be getting my backside home to change the Private Key ASAP.
Yes, that's one of my reasons for doing it as well.
I use keychain for this (http://www.gentoo.org/proj/en/keychain/index.xml). It allows you to login and specify the passphrase for the keys you want and it sticks around after you've logged out and keeps ssh-agent running for you. Your rsync job can then use the ssh-agent to allow it to login without a password and if someone manages to steal your key they still don't know the passphrase. Of course, if anyone gains access to the account on the client machine while keychain is running they can still log into your server.
JD
On Thu, May 19, 2005 at 09:57:12PM +0100, Jon Dye wrote:
Chris Green wrote:
On Thu, May 19, 2005 at 06:13:45PM +0100, Wayne Stallwood wrote:
That said, I am guilty of doing the same thing so that an automated script can rsync important docs on my laptop to the home machine. But I am very conscious of the fact that should I ever lose my laptop I'd better be getting my backside home to change the Private Key ASAP.
Yes, that's one of my reasons for doing it as well.
I use keychain for this (http://www.gentoo.org/proj/en/keychain/index.xml). It allows you to login and specify the passphrase for the keys you want and it sticks around after you've logged out and keeps ssh-agent running for you. Your rsync job can then use the ssh-agent to allow it to login without a password and if someone manages to steal your key they still don't know the passphrase. Of course, if anyone gains access to the account on the client machine while keychain is running they can still log into your server.
So how does this improve on things really then, anyone who gets access to the machine where keychain is running can do what they want can't they, including *changing* the passphrase.
Chris Green wrote:
On Thu, May 19, 2005 at 09:57:12PM +0100, Jon Dye wrote:
Chris Green wrote:
On Thu, May 19, 2005 at 06:13:45PM +0100, Wayne Stallwood wrote:
That said, I am guilty of doing the same thing so that an automated script can rsync important docs on my laptop to the home machine. But I am very conscious of the fact that should I ever lose my laptop I'd better be getting my backside home to change the Private Key ASAP.
I use keychain for this
...
Of course, if anyone gains access to the account on the client machine while keychain is running they can still log into your server.
So how does this improve on things really then, anyone who gets access to the machine where keychain is running can do what they want can't they, including *changing* the passphrase.
I thought you needed the old passphrase in order to change the passphrase which I didn't think you could get from ssh-agent. So they can do anything they like on the client including grabbing the key but they could do that whether or not you use passwordless ssh. They can also gain access to the remote machine if keychain is running but they can't get the passphrase and therefore stealing the key is pointless.
I guess they can always change the key on the SERVER end to one they've generated.
Someone correct me if I'm wrong.
JD
On Fri, May 20, 2005 at 11:23:35AM +0100, Jon Dye wrote:
Chris Green wrote:
On Thu, May 19, 2005 at 09:57:12PM +0100, Jon Dye wrote:
Chris Green wrote:
On Thu, May 19, 2005 at 06:13:45PM +0100, Wayne Stallwood wrote:
That said, I am guilty of doing the same thing so that an automated script can rsync important docs on my laptop to the home machine. But I am very conscious of the fact that should I ever lose my laptop I'd better be getting my backside home to change the Private Key ASAP.
I use keychain for this
...
Of course, if anyone gains access to the account on the client machine while keychain is running they can still log into your server.
So how does this improve on things really then, anyone who gets access to the machine where keychain is running can do what they want can't they, including *changing* the passphrase.
I thought you needed the old passphrase in order to change the passphrase which I didn't think you could get from ssh-agent. So they can do anything they like on the client including grabbing the key but they could do that whether or not you use passwordless ssh. They can also gain access to the remote machine if keychain is running but they can't get the passphrase and therefore stealing the key is pointless.
I guess they can always change the key on the SERVER end to one they've generated.
Yes, that's what I meant, they can simply clear out the contents of the .ssh directory and start again.
On Thu, May 19, 2005 at 04:34:04PM +0100, Chris Green wrote:
I know this creates some security holes but I'm not at all clear what they are really, can anyone elucidate? I realise that anyone with
login. Is this the only risk or is the encryption inherently weaker if I didn't enter a key?
The encryption will be the same, the risk is that you have to trust everyone with access to those machines won't abuse your keys. All my keys have a passphrase just because, it isn't really any harder to type it every so often. If you find that you are having to type a passphrase often then maybe you want to take a look at ssh-agent which sort of caches keys after you unlock them so you don't have to keep typing the passphrase.
Read this article for more explanation on ssh-agent (and the linked articles, I find that the items Brian Hatch writes are very informative without getting to bogged down in details)
http://www.securityfocus.com/infocus/1812
Adam
On Thu, May 19, 2005 at 10:25:53PM +0100, Adam Bower wrote:
On Thu, May 19, 2005 at 04:34:04PM +0100, Chris Green wrote:
I know this creates some security holes but I'm not at all clear what they are really, can anyone elucidate? I realise that anyone with
login. Is this the only risk or is the encryption inherently weaker if I didn't enter a key?
The encryption will be the same, the risk is that you have to trust everyone with access to those machines won't abuse your keys. All my
Which I do basically. As I said there is *much* more important information (both as regards confidentiality and the sheer time needed to recreate it) on the machines which I connect from than there is on the machines I connect to. I.e. the 'un passphrased' keys are on my home linux box and my work desktop Solaris machine. If anyone gets access to either of those machines they can do far more damage than they could if they get access to either of my remote shell login accounts.
keys have a passphrase just because, it isn't really any harder to type it every so often. If you find that you are having to type a passphrase often then maybe you want to take a look at ssh-agent which sort of caches keys after you unlock them so you don't have to keep typing the passphrase.
It's more the automation aspect than the hassle of typing in the pass phrase. I could live with typing the passphrase in once per day at work, at home it would be messier beause I log in and out of the Linux box quite frequently.
Having said that typing the passphrase in on my work machine every morning and using ssh-agent hardly adds anything to security does it! The machine is left on all day and I don't log out when I leave my desk, how does using ssh-agent help in the slightest?
Given that having logged on to my work machine when I get to work I make a connection to the remote machines which stays up all day until I go home at the end of the day I don't think that a passphrase protected key is going to be any more secure than one that isn't passphrase protected.
(I've said the same thing twice there, never mind)
Read this article for more explanation on ssh-agent (and the linked articles, I find that the items Brian Hatch writes are very informative without getting to bogged down in details)
I'll read that anyway, the more one knows the better, thanks.
Chris Green chris@areti.co.uk writes:
I currently use ssh for various logins from home and from work.
I have set up the logins so that they work without me entering a password or key phrase at all, i.e. I *think* when asked for a key to generate the encrypted string used for authorisation I entered nothing.
I know this creates some security holes but I'm not at all clear what they are really, can anyone elucidate? I realise that anyone with access to my work machine or my home machine will be able to login to these remote systems without knowing the password but that's not a big problem really, there is far more important and sensitive information on my desktop machines than there is on the places where I remotely login. Is this the only risk or is the encryption inherently weaker if I didn't enter a key?
Something that nobody's yet mentioned (I think) that seems worth pointing out is that even with a passphrase-protected private key, an attacker who can run as your UID[1] can arrange to capture the passphrase next time you use it anyway.
That doesn't make passphrases useless, for instance they still defend against an attacker who can read your files but not run code under your UID.
[1] i.e. they don't even necessarily have to take control of the entire machine
On Fri, May 20, 2005 at 10:54:17AM +0100, Richard Kettlewell wrote:
Something that nobody's yet mentioned (I think) that seems worth pointing out is that even with a passphrase-protected private key, an attacker who can run as your UID[1] can arrange to capture the passphrase next time you use it anyway.
That doesn't make passphrases useless, for instance they still defend against an attacker who can read your files but not run code under your UID.
[1] i.e. they don't even necessarily have to take control of the entire machine
Which again points down the line that says it's the physical machine security that really matters.
Chris Green chris@areti.co.uk writes:
Richard Kettlewell wrote:
Something that nobody's yet mentioned (I think) that seems worth pointing out is that even with a passphrase-protected private key, an attacker who can run as your UID[1] can arrange to capture the passphrase next time you use it anyway.
That doesn't make passphrases useless, for instance they still defend against an attacker who can read your files but not run code under your UID.
[1] i.e. they don't even necessarily have to take control of the entire machine
Which again points down the line that says it's the physical machine security that really matters.
Sure, preventing unauthorized physical access is a part of security, but people running unauthorized code across the network is a rather important risk too at the moment.
Web browsers for instance appear to be far too complicated for anyone to get right. I suspect most of us don't run our web browsers and outgoing SSH sessions under distinct UIDs though.
-
Adam Bower -
Chris Green -
Jon Dye -
Richard Kettlewell -
Wayne Stallwood