Date: Thu, 31 May 2001 20:43:10 -0400
From: Hank Leininger <freebsd-security@progressive-comp.com>
To: freebsd-security@FreeBSD.ORG
Subject: Re: Apache Software Foundation Server compromised, resecured. (fwd)
Message-ID: <200106010043.UAA18400@mailer.progressive-comp.com>

On 2001-06-01, "f.johan.beisser" <jan@caustic.org> wrote:

> On Fri, 1 Jun 2001, Alex Holst wrote:
> > impression that people are still using passwords (as opposed to keys
> > with passphrases) for authentication in this day and age. Is that
> > correct? If so, why is that?

> based on what i've read this morning, it wouldn't have made
> all that much of a difference. apparently the compromised
> version of ssh recorded passphrases, and keys.

> i don't see how else you could have avoided this problem.

a) Don't hop through untrusted systems.
b) Use protocol 2 exclusively to make MITM'ing harder.
c) Use/require from=" " entries in your authorized_keys* files.
d) When breaking a), exclusively port-forward the second hop inside the
   first; do *not* ssh to a command prompt and run 'ssh' on the
   intermediate host.
e) When breaking all of the above (in an emergency, say) communicate with
   someone OOB *immediately* who can revoke all access you used in a safe
   way, until you can restore it via safe channels (consider any keys,
   passwords, etc you used to be compromised and never use them again).
f) Hide under the bed.

--
Hank Leininger <hlein@progressive-comp.com>
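
Item c) in the message above can be checked mechanically. The following Python audit is an added example, not part of the original message: it parses protocol 2 authorized_keys lines (options field with quoted values, key type, comment) and reports keys that have no from= option or whose from= list contains the match-all pattern `*`. The sample file, key blobs, host names and the function names `parse_line` and `audit` are constructed for illustration.

```python
import re
# Key-type names that start a protocol 2 key line when no options field is present.
KEY_TYPE = re.compile(r"(?:ssh-|ecdsa-sha2-|sk-)[\w@.-]+$")
# One option: a bare flag (no-pty) or name="value"; \" may appear inside the value.
OPTION = re.compile(r'([\w-]+)(?:="((?:\\.|[^"\\])*)")?(?:,|$)')
# The options field ends at the first whitespace that is outside double quotes.
OPTS_FIELD = re.compile(r'((?:[^\s"]|"(?:\\.|[^"\\])*")+)\s+(.*)')
SAMPLE = """\
# constructed sample: placeholder key blobs and names, not real keys
from="192.0.2.10,*.corp.example",no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAexample1 alice@laptop
ssh-rsa AAAAB3NzaC1yc2EAAAAexample2 bob@home
command="echo \\"hi, there\\"",from="*" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAexample3 backup
"""

def parse_line(line):
    """Return (options dict, key type, comment), or None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    options = {}
    if not KEY_TYPE.match(line.split(None, 1)[0]):
        m = OPTS_FIELD.match(line)
        if not m:
            raise ValueError("unparseable line: %r" % line)
        opts, line = m.groups()
        pos = 0
        while pos < len(opts):
            o = OPTION.match(opts, pos)
            if not o:
                raise ValueError("bad option near %r" % opts[pos:])
            options[o.group(1).lower()] = o.group(2)  # None for bare flags
            pos = o.end()
    fields = line.split(None, 2)
    return options, fields[0], fields[2] if len(fields) > 2 else ""

def audit(text):
    """List (line number, comment, problem) for keys without a narrowing from=."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        parsed = parse_line(raw)
        if parsed is None:
            continue
        options, _keytype, comment = parsed
        patterns = options.get("from")
        if patterns is None:
            findings.append((n, comment, "no from= restriction"))
        elif "*" in [p.strip() for p in patterns.split(",")]:
            findings.append((n, comment, "from= matches any host"))
    return findings
```

Calling `audit(SAMPLE)` flags the second and third keys; a wildcard inside a longer pattern such as `*.corp.example` is accepted as a real restriction.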