From owner-freebsd-security Sun Jun 3 6:26: 6 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail.atabersk.de (yerowned.atabersk.de [212.34.96.58]) by hub.freebsd.org (Postfix) with ESMTP id D40A237B401 for ; Sun, 3 Jun 2001 06:26:01 -0700 (PDT) (envelope-from patrick-lists@atabersk.de) Received: (qmail 51979 invoked by uid 1000); 3 Jun 2001 13:25:57 -0000 Date: Sun, 3 Jun 2001 15:25:57 +0200 From: Patrick Atamaniuk To: freebsd-security@FreeBSD.ORG Subject: Re: Apache Software Foundation Server compromised, resecured. (fwd) Message-ID: <20010603152556.B51658@mail.atabersk.de> References: Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="sm4nu43k4a2Rpi4c" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from brian@collab.net on Fri, Jun 01, 2001 at 08:55:16AM -0700 X-Arbitrary-Number-Of-The-Day: 42 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --sm4nu43k4a2Rpi4c Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Brian Behlendorf(brian@collab.net)@2001.06.01 08:55:16 +0000: > On 1 Jun 2001, Dag-Erling Smorgrav wrote: > > You don't need passwords to run CVS against a remote repository. All > > you need is 'CVSROOT=3Duser@server:/path/to/repo' and 'CVS_RSH=3Dssh'. >=20 > For those who use windows and mac GUI CVS clients, pserver's a > requirement. >=20 > IMHO, passwords are neither better nor worse, necessarily, than keys, in > authenticating to a server. The basic difference is between "what you > know" and "what you have". I'm as worried about people who have poor > password management practices, as I am about people whose home or work > machines where their private keys are may not be the most secure. OR having the same private key on more than one machine. The second problem is the practice of 'hopping', which then involves typing pass[wd|phrase] on a trojaned client. Using ssh-agent or not, using an untrusted client for performing challenge-response operations caused the secondary attack to 3rd servers. Host-hopping must become a banished practice. If hopping has to be done, the untrusted client must not perform any authentication to the 3rd server. This probably can be achieved with standa= rd port forwarding. Assume i do have a private key on my local workstation A for host B and C. i establish a tunnel from A to B: A> ssh -L 9999:C:22 B and use it with A> ssh -p 9999 localhost host B is only involed with authorized_keys authorizing the tunnel establis= hment. All authentication between C and A does not involve the client B decrypting= anything. Though B can snoop the communication as it would be on local lan, it cannot= directly intercept keystrokes for passphrase or perform AUTH_SOCK capturing. imvho. --=20 regards, Patrick ---------------------------------------------------- Patrick Atamaniuk patrick@atabersk.de ---------------------------------------------------- --sm4nu43k4a2Rpi4c Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7GjrkeMAU+YCwvPYRAjA1AKCjVhi7EX/4arFsQciBlsVcBh0C8wCeIQ57 vo5TK8jbVitfb4TXkCehuIE= =xTSx -----END PGP SIGNATURE----- --sm4nu43k4a2Rpi4c-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message