From: Lyndon Nerenberg
To: Jason Stone
Cc: freebsd-security@freebsd.org, Daniel Roethlisberger
Date: Mon, 9 Feb 2009 14:13:30 -0800 (PST)
Subject: Re: OPIE considered insecure

> Right, but that's not the problem they're trying to solve. They're trying to
> solve the problem of logging in _from_ an untrusted machine, to a trusted
> machine.

Okay, I got it backwards.

> So, an alternative might be to carry around a USB key with a one-time private
> key, different from your normal private keys, and have the public key
> command-squashed on the server to remove itself from authorized_keys before
> running the shell.

That's what I do -- multiple throw-away keys on a USB stick, for emergencies. However if you're that paranoid you better be carrying around your own set of ssh binaries on that stick as well.

> You could generate several, each with a different passphrase (assuming that
> you could manage to remember that many passphrases and which keys they go
> with), and get a similar effect to printing out a card with the next ten OPIE
> passwords.

It's not that hard to come up with a scheme that lets you map from an identifier tagged to the private key to the corresponding password (in your head). It's a pain at the start, but once you've used a given scheme for a while it becomes second nature.

Also, note that you can get similar behaviour using K5 with one-off instances of your principal (e.g. lyndon.a6d5mps@EXAMPLE.ORG). The advantage here is that there are no key files involved (but you still want to carry a trusted kinit binary with you). The downside is that most sites don't have K5/GSSAPI enabled. And of those that do, a significant percentage of the implementations still don't do dynamic realm discovery, therefore you need a pre-existing arrangement to map your realm to the appropriate KDCs.

--lyndon

Happiness is a good martini, a good meal, a good cigar, and a good woman ... or a bad woman, depending on how much happiness you can stand. -- George Burns
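
The self-removing key described in the quoted suggestion, sketched as an added example that is not part of the original message or anyone's actual setup. The install path `/usr/local/libexec/burn-key`, the `emerg-NN` key comments used as tags, and the key material are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: forced command for a throw-away key (hypothetical path and tags).
# Constructed authorized_keys entry; the key material is a placeholder:
#   command="/usr/local/libexec/burn-key emerg-01",no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 AAAA...PLACEHOLDER emerg-01

# burn_key FILE TAG: delete the key line whose comment (last field) is TAG.
# Returns 0 if a line was removed, 1 if no such key was found or the rewrite
# failed, 2 on bad arguments or when the lock is already held.
burn_key() {
    file=$1; tag=$2
    [ -n "$tag" ] && [ -f "$file" ] || return 2
    lock="$file.lock"
    # mkdir is atomic, so concurrent sessions are serialised: the loser gets 2
    mkdir "$lock" 2>/dev/null || return 2
    tmp=$(mktemp "$(dirname "$file")/.ak.XXXXXX") || { rmdir "$lock"; return 2; }
    rc=1
    if awk -v tag="$tag" '
        !/^#/ && $NF == tag { hit = 1; next }
        { print }
        END { exit !hit }' "$file" > "$tmp"
    then
        # mktemp created the file mode 0600; rename within one directory is atomic
        mv -f "$tmp" "$file" && rc=0
    fi
    rm -f "$tmp"
    rmdir "$lock"
    return "$rc"
}

main() {
    # Fail closed: no session unless the key was actually revoked
    burn_key "$HOME/.ssh/authorized_keys" "$1" || {
        echo "one-time key '$1' could not be revoked; refusing session" >&2
        exit 1
    }
    if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
        exec "${SHELL:-/bin/sh}" -c "$SSH_ORIGINAL_COMMAND"
    fi
    exec "${SHELL:-/bin/sh}"
}

# Run only when installed under the name used in the command= option above
case ${0##*/} in
    burn-key) main "$@" ;;
esac
```

A stale `authorized_keys.lock` directory left behind by a killed session blocks every one-time key until it is removed, so the scheme fails closed rather than open.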