[NCLUG] ssh2 - hostbased authentications

Quent quent at pobox.com
Mon Dec 11 10:06:20 MST 2000


On Sat, Dec 09, 2000 at 04:56:01AM +0000, dobbster wrote:
> Quent wrote:
> > 
> > The risk is that root's private key is stored unencrypted if it's created
> > with no passphrase.
> > 
> > Although it's stored so only root can read it, if someone got a copy they
> > could login to any remote host that trusts that key. With a passphrase,
> > the key is encrypted so anyone getting a copy would have to crack the
> > encryption in order to use the key.
> > 
> > I think this is another trust problem: if B trusts A and C trusts B,
> > then using ssh-agent and the private key from A, you can get C to trust A.
> > 
> > Of course, if someone can get to a file that's only readable by root
> > there are other problems.
> > 
> >         Quent
> 
> I haven't worked on this for a bit, but now I have done as you
> suggested, using a null passphrase.  I never managed to get the
> "hostbased" authentication to function properly for root; I suspect it's
> maybe because the IP address of the "local" machine doesn't resolve in
> DNS.
> 
> Is it sufficient to have /root/.ssh/ on both the local and remote
> machines set to 400?  I would think that this would minimize the risk.
> 
> Thanks,
> 
> Mark (dobbster at frii.com)
> _______________________________________________
> NCLUG mailing list
> NCLUG at nclug.org
> http://www.nclug.org/mailman/listinfo/nclug
> 
> 

Make the directory 700; the authorized_keys file on the remote machine
should be 400.

The risk is that a chain of trust is being created so that if
root on one machine is cracked, root access to other machines
results. I guess security is all about deciding the level of
risk you can afford; there's no absolute approach. (as if I'm
some kind of expert, not :-)

	Quent



More information about the NCLUG mailing list