From owner-freebsd-security Fri Jun 1 8: 5: 8 2001 Delivered-To: freebsd-security@freebsd.org Received: from mikehan.com (giles.mikehan.com [63.201.69.194]) by hub.freebsd.org (Postfix) with ESMTP id 026B237B422 for ; Fri, 1 Jun 2001 08:05:05 -0700 (PDT) (envelope-from mikehan@mikehan.com) Received: (from mikehan@localhost) by mikehan.com (8.11.3/8.11.3) id f51F4Tj02831; Fri, 1 Jun 2001 08:04:29 -0700 (PDT) (envelope-from mikehan) Date: Fri, 1 Jun 2001 08:04:13 -0700 From: Michael Han To: "Karsten W. Rohrbach" , security@FreeBSD.org Subject: Re: Apache Software Foundation Server compromised, resecured. (fwd) Message-ID: <20010601080413.D1203@giles.mikehan.com> References: <3B16E7D9.3E9B78FF@globalstar.com> <20010531183732.B12216@xor.obsecurity.org> <3B16F492.128CB8B0@globalstar.com> <20010531191001.A12808@xor.obsecurity.org> <3B16FD12.B1F251C8@globalstar.com> <20010601012133.A1203@giles.mikehan.com> <20010601162327.G10477@mail.webmonster.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010601162327.G10477@mail.webmonster.de>; from karsten@rohrbach.de on Fri, Jun 01, 2001 at 04:23:27PM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, Jun 01, 2001 at 04:23:27PM +0200, Karsten W. Rohrbach wrote: > Michael Han(mikehan@mikehan.com)@2001.06.01 01:21:33 +0000: > > Crist, I believe your analysis is correct WRT decrypted keys or > > passphrases *not* being available except by compromising the > > originating client hosting the first ssh-agent in a chain. However, > > Kris is correct, as I understand agent forwarding, in that if you > > forward your agent from trusted host A to untrusted host B, a rogue > > superuser on B could copy your SSH_AUTH_SOCK environment and begin > > passing RSA key requests back to your agent on A. There *is* a > > vulnerability introduced by forwarding your agent to an untrusted > > host, which is why I do not usually forward my agent. I try to give my > > understanding of these issues in > > http://www.mikehan.com/ssh/security.html > this would be a standard man in the middle attack, right? > capturing the challenge from one machine passing it (as root) to the > agent, getting the response packet back and passing it on to the > to-be-broken-in server should not work due to session keying, should'nt > it? I always understood MITM to involve intercepting the connection to a server in order to be able to intercept the cleartext of the session. What I describe about a superuser on an intermediary host being able to exploit an agent forwarded is trivially proven if you have root on a machine you can RSA auth into: hosta% ssh -lme hostb hostb% echo $SSH_AUTH_SOCK /tmp/ssh-agt38oh/agent.1234 hostb% su - Password: # echo $SSH_AUTH_SOCK # SSH_AUTH_SOCK=/tmp/ssh-agt38oh/agent.1234 # export SSH_AUTH_SOCK # ssh -lme localhost hostb% This is SSH-1.5 implemented by OpenSSH 2.3.0. Perhaps protocol version 2 addresses this? -- mikehan@mikehan.com http://www.mikehan.com/ coffee achiever San Francisco, California A double negative is a no-no. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message