From: Jan Conrad
To:
Cc: Kris Kennaway, Ralph Schreyer
Date: Sun, 18 Feb 2001 17:03:59 +0100 (CET)
Subject: Re: Why does openssh protocol default to 2?
In-Reply-To: <20010217234710.D62368@rfx-216-196-73-168.users.reflex>

On Sat, 17 Feb 2001, Crist J. Clark wrote:

> On Fri, Feb 16, 2001 at 03:49:04PM +0100, Jan Conrad wrote:
>
> [snip]
>
> > What I would find reasonable is something like an .shosts mechanism for
> > ssh2 or, better, but more complicated, having the keys themselves
> > encrypted by some private key of the machine. Why should a user have
> > access to a plain key?
>
> OK, I am still not understanding why you believe SSH1 has advantages
> over SSH2 when a user has NFS mounted home directories. The real
> vulnerability to SSHx with NFS home directories is the threat that an
> attacker may write to .ssh/authorized_keys*. If you can write to that
> file, you can write to .shosts or .rhosts.
>
> What attack is SSH2 vulnerable to which SSH1 is not?

So in conclusion, simply the whole contents of the .ssh dir must not appear on NFS shares. Then SSH2 is the only choice, I agree.

Thanks for all your comments.

Regards,
Jan