From owner-freebsd-security Tue Jun 5 10:50: 8 2001
Delivered-To: freebsd-security@freebsd.org
Received: from magnetar.blackhatnetworks.com (magnetar.blackhatnetworks.com [65.166.202.3])
    by hub.freebsd.org (Postfix) with ESMTP id 0E62337B403
    for ; Tue, 5 Jun 2001 10:50:04 -0700 (PDT)
    (envelope-from alex@bsdfreak.org)
Received: from localhost (alex@localhost.blackhatnetworks.com [127.0.0.1])
    by magnetar.blackhatnetworks.com (8.x/8.x) with ESMTP id f55Hnwt20598;
    Tue, 5 Jun 2001 13:49:58 -0400 (EDT)
Date: Tue, 5 Jun 2001 13:49:58 -0400 (EDT)
From: Alex
To: Alex Holst
Subject: Re: Apache Software Foundation Server compromised, resecured. (fwd)
In-Reply-To: <20010605194514.B98233@area51.dk>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Quoting Crist Clark (crist.clark@globalstar.com):
> > You cannot 'record passphrases.' RSA authentication uses public key
> > cryptography.
>
> Exactly. However, consider the three machines in the scenario below:
>
> workstation ---> compromised middle machine ---> server
>
> I have been thinking about the least risk approach. If the middle machine
> has ssh and sshd trojaned to various degrees, would one not benefit from
> using authentication forwarding rather than typing one's passphrase to the
> ssh client on the compromised machine?

This is a perfect scenario for the attacker to perform a man-in-the-middle
attack, passive SSH analysis, or a brute force attempt at the cryptographic
integrity of the connection.

-Alex

>
> If one does lose his passphrase and the trojaned ssh captured the response
> it still wouldn't do an intruder much good, would it?
>
> --
> I prefer the dark of the night, after midnight and before four-thirty,
> when it's more bare, more hollow. http://a.area51.dk/
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message