Bugtraq mailing list archives
Re: SSH & xauth
From: robert () CYRUS WATSON ORG (Robert Watson)
Date: Mon, 28 Feb 2000 21:45:34 -0500
On Sat, 26 Feb 2000, David Pybus wrote:
> The issue here has nothing to do with xauth and everything to do with the trust granted by SSH. If you use SSH to connect to boxes that you don't trust or can't be confident are secure then you should be concerned about this. The major threat I see here is that a rooted box could be used to gain access to a secure box through the SSH tunnel, even if the secure box is behind a firewall that only allows outbound connections.

Since we're discussing problems with the default SSH/OpenSSH trust model, and X11 is now considered to be risky, we might as well follow on to the natural successor in the ``disable it due to safety'' world--the automatic forwarding of access to the authentication agent. By default, if you make use of the authentication agent for key management, any host you connect to will gain access to the ability to use the authentication agent. In the untrusted server scenario we've been discussing, this would present a significant risk, as anyone exploiting access to the authentication agent could gain any rights normally authorized by demonstration of the keying material in use.

I.e., suppose you distributed a single identity.pub to a number of hosts as authorized_key to log in. Suppose you make use of ssh-agent, and ssh-add, to cache the keying material for use. Now suppose one of those hosts is compromised--for the lifetime of your ssh connection, the cracker of the compromised host can log into any account on the other hosts using that authorized_keys.

If we're switching to a model where X11 forwarding is disabled by default on the client, we should also consider disabling agent forwarding, which can present a similar and significant risk.

Robert N M Watson
robert () fledge watson org
http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services
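
Added example, not part of the original message and not code from any SSH implementation: a small Python check that reads an OpenSSH-style client configuration and reports, for a given destination host, whether agent and X11 forwarding end up enabled. The sample configuration, the host names and the `default` parameter are assumptions; `default` stands in for what the client does when nothing is set, and "yes" models the forwarding-on-by-default behaviour the message describes.

```python
import fnmatch
import shlex
OPTIONS = ("forwardagent", "forwardx11")

def parse_blocks(text):
    """Return [(host_patterns, {option: value})] in file order."""
    blocks = [(["*"], {})]      # options before the first Host line apply to every host
    for raw in text.splitlines():
        parts = shlex.split(raw.replace("=", " ", 1), comments=True)  # "Key value" or "Key=value"
        if not parts:           # blank line or comment
            continue
        key, args = parts[0].lower(), parts[1:]
        if key in ("host", "match"):   # simplification: Match blocks are never treated as matching
            blocks.append((args if key == "host" else [], {}))
        elif key in OPTIONS and args:
            blocks[-1][1].setdefault(key, args[0].lower())
    return blocks

def host_matches(patterns, host):
    """A matching negated pattern (!pat) vetoes the block; otherwise one positive match is needed."""
    hit = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            hit = True
    return hit

def effective(text, host, default="yes"):
    """The first value obtained for an option wins; `default` applies when none is set."""
    seen = {}
    for patterns, opts in parse_blocks(text):
        if host_matches(patterns, host):
            for key, value in opts.items():
                seen.setdefault(key, value)
    return {key: seen.get(key, default) for key in OPTIONS}

SAMPLE = """\
# constructed sample configuration, not taken from the thread
Host bastion.example.org
    ForwardAgent yes
Host *.lab.example.org !build.lab.example.org
    ForwardX11 yes
Host *
    ForwardAgent no
    ForwardX11 no
"""
print({h: effective(SAMPLE, h) for h in ("bastion.example.org", "db.lab.example.org")})
```

Because the first value found wins, the catch-all `Host *` block that turns both forwardings off belongs at the end of the file, after any host that is deliberately allowed to use them.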