l i n u x - u s e r s - g r o u p - o f - d a v i s
Page last updated:
2002 Jun 25 17:16

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Re: [vox] secure diary thoughts

Quoting ME (dugan@passwall.com):

> And these (above) raise the bar. An ssh from the machine administrated by
> the untrusted admin can still be taken over on the tty and anything viewed
> on that tty can be found and read by the "evil admin". OTP, secured
> passphrases, etc (and those listed above) are still effective at
> insulating the machine at the other end from attack but still not entirely
> impossible to trojan in order to local machine to attempt to issue
> commands to the remote machine with the same access as the user who just
> connected. [snip]

Well, yes.  Obviously, root owns the remote machine (SSH server) totally.

My point was solely that the cited modifications prevent use of that
particular user's SSH channels (or ones with his authority) to subvert
the server host if the client host is compromised.  I _think_ they also
might make it impractical to subvert the client host if the server
host is compromised (but I'm less certain of that, and would have to
think about threat models some more).

You were (earlier) making the excellent point that all SSH -- by itself
-- really accomplishes is to let you operate over a hostile network with
confidence if you have faith in both endpoints.  I was trying to suggest
a modification where that is true, but where you can also prevent one
end being compromised from causing the other end to be, too.

> The "better" solution is to have an admin you can trust, or be the admin
> yourself and make sure nobody else has admin control. :-)

Yeah, tell me.  There was a company I worked at (which shall go
nameless) whose entire internal WAN became compromised because some
nitwit sysadmin SSH'd out to a public hosting service the firm operates
and SSH'd back in.  Unfortunately for that nitwit, the hosting service's 
SSH client was trojaned and reported his security tokens directly to the 
bad guy, who then just followed him in.  Game, set, match.

If I'd stuck fully to my principles, I'd never have used the firm's 
IS-maintained workstations to SSH home -- and instead, used only my 
personal laptop for that purpose, thus obeying your dictum about SSH
being a fine way to traverse hostile networks if you trust both ends.

So, I had to scramble home, lock everything down ASAP, and pray to 
Great Finagle.  That time, I got lucky -- and I never repeated that
particular mistake.

Carrying the LNX-BBC disk around is very helpful, in that regard.

Cheers,
Rick Moen
rick@linuxmafia.com

The difference between common sense and paranoia is that common sense
is thinking everyone is out to get you.  That's normal; they are.
Paranoia is thinking they're conspiring.  -- J. Kegler