From owner-freebsd-security Fri Jun 1 1:21:40 2001 Delivered-To: freebsd-security@freebsd.org Received: from mikehan.com (giles.mikehan.com [63.201.69.194]) by hub.freebsd.org (Postfix) with ESMTP id EEC7937B424 for ; Fri, 1 Jun 2001 01:21:36 -0700 (PDT) (envelope-from mikehan@mikehan.com) Received: (from mikehan@localhost) by mikehan.com (8.11.3/8.11.3) id f518LYD01659; Fri, 1 Jun 2001 01:21:34 -0700 (PDT) (envelope-from mikehan) Date: Fri, 1 Jun 2001 01:21:33 -0700 From: Michael Han To: Crist Clark Cc: security@FreeBSD.org Subject: Re: Apache Software Foundation Server compromised, resecured. (fwd) Message-ID: <20010601012133.A1203@giles.mikehan.com> References: <3B16E7D9.3E9B78FF@globalstar.com> <20010531183732.B12216@xor.obsecurity.org> <3B16F492.128CB8B0@globalstar.com> <20010531191001.A12808@xor.obsecurity.org> <3B16FD12.B1F251C8@globalstar.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3B16FD12.B1F251C8@globalstar.com>; from crist.clark@globalstar.com on Thu, May 31, 2001 at 07:25:22PM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, May 31, 2001 at 07:25:22PM -0700, Crist Clark wrote: > Kris Kennaway wrote: > > > > On Thu, May 31, 2001 at 06:49:06PM -0700, Crist Clark wrote: > > > Kris Kennaway wrote: > > > > > > > > On Thu, May 31, 2001 at 05:54:49PM -0700, Crist Clark wrote: > > > > > > > > > *sigh* > > > > > > > > > > You cannot 'record passphrases.' RSA authentication uses public key > > > > > cryptography. The client, the person logging in, proves it knows a > > > > > secret, the private key, without ever revealing it to the server who > > > > > only knows the public key. > > > > > > > > The ssh client on the sourceforge machine was trojaned; > > > > > > A lot of people SSH _out_ of the sourceforge machine(s)? And they do > > > so by typing a passphrase on that machine as opposed to agent forwarding? > > > > Apparently so. > > > > I believe agent forwarding still exposes the problem: it basically > > sets up a trust relationship with the remote system which allows > > processes running as you on the target machine to access the keys > > stored in the original ssh-agent on your source machine. > > > > i.e. in order to authenticate from the second machine to a third when > > agent forwarding is enabled from machine one to machine two, the > > second client requests a copy of your decrypted credentials which are > > stored in the ssh-agent on the first, and uses them as it pleases > > (ideally, only to authenticate -- once, and according to your > > directions -- with the third system). > > According to the documentation, this is NOT how the agent forwarding > works. The second client passes data, typically a challenge, back to > machine one, where the agent does its thing with the private key > material, then passes the decrypted challenge information back to > machine two. > > [snip] Crist, I believe your analysis is correct WRT decrypted keys or passphrases *not* being available except by compromising the originating client hosting the first ssh-agent in a chain. However, Kris is correct, as I understand agent forwarding, in that if you forward your agent from trusted host A to untrusted host B, a rogue superuser on B could copy your SSH_AUTH_SOCK environment and begin passing RSA key requests back to your agent on A. There *is* a vulnerability introduced by forwarding your agent to an untrusted host, which is why I do not usually forward my agent. I try to give my understanding of these issues in http://www.mikehan.com/ssh/security.html -- mikehan@mikehan.com http://www.mikehan.com/ coffee achiever San Francisco, California A closed mouth gathers no foot To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message