From owner-freebsd-security Sat Jun 2 8:57:12 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mikehan.com (giles.mikehan.com [63.201.69.194]) by hub.freebsd.org (Postfix) with ESMTP id 7648837B424 for ; Sat, 2 Jun 2001 08:57:09 -0700 (PDT) (envelope-from mikehan@mikehan.com)
Received: (from mikehan@localhost) by mikehan.com (8.11.3/8.11.3) id f52Fv5P07340; Sat, 2 Jun 2001 08:57:05 -0700 (PDT) (envelope-from mikehan)
Date: Sat, 2 Jun 2001 08:57:05 -0700
From: Michael Han
To: "Karsten W. Rohrbach"
Cc: security@FreeBSD.ORG
Subject: Re: Apache Software Foundation Server compromised, resecured. (fwd)
Message-ID: <20010602085705.A3799@giles.mikehan.com>
References: <20010601143755.B88206@xor.obsecurity.org> <20010602155302.A56136@mail.webmonster.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010602155302.A56136@mail.webmonster.de>; from karsten@rohrbach.de on Sat, Jun 02, 2001 at 03:53:02PM +0200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

On Sat, Jun 02, 2001 at 03:53:02PM +0200, Karsten W. Rohrbach wrote:
> > > Note also that in a multiple-key scenario, the SSH client provides no way
> > > to selectively forward keys to hosts, or express policy regarding whether
> > > keys are then forwarded by the host you have connected to.
> would it be very hard to add this functionality?
> where would the policies be stored?
> storing them in the identity would require changing the key file format,
> so i guess something like an agent configuration would make sense.

There's already a good precedent for this. $HOME/.ssh/config, which is where I decide which hosts I connect to are trusted (override ForwardX11 no and ForwardAgent no if desirable).
So if someone thought of a new configuration command, like "ForwardAgentKeys" which took a list of fingerprints or something, that'd actually be a pretty straightforward way to do this.

My biggest complaint with ssh (though it's also quite nice) is the way it punts so many security issues to the user. As an admin, that choice makes it difficult to control the security policy on the network, and occasionally scares me, since most users don't really seem to be very concerned about security, yet ssh happily punts security policy issues to them.

--
mikehan@mikehan.com http://www.mikehan.com/
coffee achiever San Francisco, California
The life uncaffeinated is not worth living.
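The per-host policy Michael describes, written out as an added example of a client-side ssh_config (this is editor-supplied illustration, not a file from the message or from the OpenSSH project). The host names are constructed placeholders; the `ForwardAgent`, `ForwardX11` and `Host` keywords are real ssh_config directives. The layout matters: ssh_config uses the first matching value for each option, so the explicit trusted host must appear before the catch-all `Host *` block that disables forwarding everywhere else.

```sshconfig
# ~/.ssh/config  (added example; host names are constructed placeholders)

# Explicitly trusted host: agent and X11 forwarding permitted.
# Listed first because ssh_config takes the first value it finds for an option.
Host bastion.example.internal
    ForwardAgent yes
    ForwardX11 yes

# Default for every other host: never forward the agent or X11.
# A compromised remote host cannot use your keys if the agent is not forwarded.
Host *
    ForwardAgent no
    ForwardX11 no
```

To confirm what the client will actually do for a given destination, `ssh -G hostname` (OpenSSH 6.8 and later) prints the effective configuration; checking the `forwardagent` line there before connecting is a cheap way to catch an ordering mistake. The selective, per-key forwarding that Karsten asked about was added much later as agent destination constraints (`ssh-add -h`, OpenSSH 8.9), which restrict which hosts a loaded key may be forwarded to and through.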