Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 15 Feb 2001 09:37:51 -0800
From:      Alfred Perlstein <bright@wintelcom.net>
To:        Jan Conrad <conrad@th.physik.uni-bonn.de>
Cc:        Kris Kennaway <kris@obsecurity.org>, freebsd-security@FreeBSD.ORG, Ralph Schreyer <schreyer@th.physik.uni-bonn.de>
Subject:   Re: Why does openssh protocol default to 2?
Message-ID:  <20010215093751.E3274@fw.wintelcom.net>
In-Reply-To: <Pine.BSF.4.33.0102151309060.41000-100000@merlin.th.physik.uni-bonn.de>; from conrad@th.physik.uni-bonn.de on Thu, Feb 15, 2001 at 01:18:45PM %2B0100
References:  <20010215033410.A86524@mollari.cthul.hu> <Pine.BSF.4.33.0102151309060.41000-100000@merlin.th.physik.uni-bonn.de>

next in thread | previous in thread | raw e-mail | index | archive | help
* Jan Conrad <conrad@th.physik.uni-bonn.de> [010215 04:19] wrote:
> On Thu, 15 Feb 2001, Kris Kennaway wrote:
> 
> > On Thu, Feb 15, 2001 at 12:30:20PM +0100, Jan Conrad wrote:
> > > Hello,
> > >
> > > for quite a long time now I cannot understand why people encourage others
> > > for using ssh2 by default and I wanted to ask the readers of this list for
> > > their opinion.
> >
> > SSH1 has fundamental protocol flaws.  SSH2 doesn't, that we know of.
> 
> I knew that statement... Could you give me a good reference for a
> detailed discussion on that?
> 
> >
> > > Even though I believe people saying that ssh2 is much more secure for root
> > > accounts and servers etc. I don't see why this should be true in general.
> > >
> > > Especially on bigger, say university networks as ours, where you often
> > > find BNC segments or the switches are more or less acessible to everyone
> > > (who really wants to...) in my opinion ssh2 is much more insecure as ssh1.
> > >
> > > My problem simply is that the id_dsa file is stored in user home dirs,
> > > which typically are mounted via NFS. So ssh2, in contrast to ssh1 with
> > > RSAAuthentication disabled, allows sniffers to access your system even
> > > without *actively* attacking your system, all you need is the id_dsa
> > > file....
> > >
> > > Even if that file is protected by a passphrase, you don't gain much...
> >
> > I don't understand your complaint.  If you don't want to use SSH2 with
> > RSA/DSA keys, don't do that.  Use the UNIX password or some other PAM
> > authentication module (OPIE, etc)
> 
> Sorry - I did not want to complain... (really :-)
> 
> What would you suggest for NFS mounted home dirs as a reasonable solution?
> (To store keys I mean..)

Don't store the public key in on an NFS shared disk especially if
it's not encrpyted.

What you do is keep a copy of .ssh/authorized_keys2 only on the NFS
shares, you then fire up an agent remotely on a trusted machine 
(your laptop) and hop from machine to machine taking into account
that if you choose to forward authentication root can hijack you
authentication on any box between your trusted host and the final
destination.

-- 
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010215093751.E3274>