
Re: The keychain package, its debconf templates, the security hole induced



On Fri, 21 Jan 2005, Martin Quinson wrote:
> Dudes. There is a reason why that information is not written to file by
> ssh itself. If my local machine gets corrupted, I'm happy to see the

And it is because all of ssh-agent is a second-thought crap, as evidenced by
the fact that stock ssh-agent is not capable of "withholding keys unless
given explicit permission to act every time one request comes".

But it is still useful as all heck crap.  I use it all the time, along with
keychain.  But certainly not without paying attention to what I am doing.

> You should at least speak about the potential security risk in the
> description. 

Agreed.

> I'd drop the package from the archive right away. I have several cron jobs
> using ssh keys (a new key for each cron, without pass and allowed to do only
> one specific command on the remote host).

This can very well be a much bigger security risk than doing what you
already do BUT using passphrases AND ssh-agent to reduce the window of
opportunity.

And avoiding keychain does not make it much more difficult to find out how
to talk to any in-memory ssh-agent anyway, you know.

NOR does it make it any more difficult to locate all unprotected keys in
your machine through a rgrep.

>  - speak about the potential security hazard in description
Or in README.Debian.

>  - check the pre-installed version before showing your crufty template (or
>    use README.Debian, it's what it's good for)

Actually, that's NEWS.Debian material.  And yes, drop it from debconf
entirely.

>  - do useful changelog entries in your packages in the future.

Seconded, thirdied, etc.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh


