Re: transfering files between *.debian.org hosts (was: people.debian.org to move to ravel)

To: debian-project@lists.debian.org
Cc: Bastian Blank <waldi@debian.org>
Subject: Re: transfering files between *.debian.org hosts (was: people.debian.org to move to ravel)
From: Peter Palfrader <weasel@debian.org>
Date: Sat, 30 Aug 2008 18:30:53 +0200
Message-id: <[🔎] 20080830163053.GF9633@anguilla.noreply.org>
Mail-followup-to: Peter Palfrader <weasel@debian.org>, debian-project@lists.debian.org, Bastian Blank <waldi@debian.org>
In-reply-to: <[🔎] 20080830160709.GA25272@wavehammer.waldi.eu.org>
References: <20080827120031.GA32039@intrepid.palfrader.org> <20080828071223.GC7061@dario.dodds.net> <20080828193141.GK9633@anguilla.noreply.org> <[🔎] 20080830123208.GD9633@anguilla.noreply.org> <[🔎] 20080830131601.GA13250@wavehammer.waldi.eu.org> <[🔎] 20080830154616.GE9633@anguilla.noreply.org> <[🔎] 20080830160709.GA25272@wavehammer.waldi.eu.org>

On Sat, 30 Aug 2008, Bastian Blank wrote:

> > Or you use only resolvers that you have a trusted (i.e. ipsec)
> > connection to and those need to have a complete axfr'ed zone.
> 
> Then we can drop the whole ud-ldap thing and use centralized
> authentication.

Um.  I don't see why that follows.  I don't think it matters however.  :)
ipsec/stunnel etc aren't the solution.


> > > > What other options did we forget?
> > > 
> > > - Setup Kerberos, allow it as an additional ssh login variant
> > 
> > Circumvents the entire idea behind this exercise:  Assuming an attacker
> > already has control over one host we want to make it as hard as possible
> > for them to jump to other hosts.
> 
> Nope. It is the same that ssh with key auth. Anything an attacker can
> get is a short-term secret in form of a forwarded ticket. The service
> ticket themself is useless for anything else then the direct connection
> between the user and the server.

But it allows them to get a shell on the target server.  Even if only
for a short term[1].  This means we lose.


1. And more likely the user will fetch a full TGT on the source host
when they want to copy stuff to another host since the default mode of
login will probably stay ssh keys.
-- 
                           |  .''`.  ** Debian GNU/Linux **
      Peter Palfrader      | : :' :      The  universal
 http://www.palfrader.org/ | `. `'      Operating System
                           |   `-    http://www.debian.org/

Reply to:

References:
- transfering files between *.debian.org hosts (was: people.debian.org to move to ravel)
  - From: Peter Palfrader <weasel@debian.org>
- Re: transfering files between *.debian.org hosts (was: people.debian.org to move to ravel)
  - From: Bastian Blank <waldi@debian.org>
- Re: transfering files between *.debian.org hosts (was: people.debian.org to move to ravel)
  - From: Peter Palfrader <weasel@debian.org>
- Re: transfering files between *.debian.org hosts (was: people.debian.org to move to ravel)
  - From: Bastian Blank <waldi@debian.org>

Prev by Date: Re: transfering files between *.debian.org hosts (was: people.debian.org to move to ravel)
Next by Date: Re: Please, stop this hurting vendetta, don't you think enough time has passed ?
Previous by thread: Re: transfering files between *.debian.org hosts (was: people.debian.org to move to ravel)
Next by thread: Re: transfering files between *.debian.org hosts (was: people.debian.org to move to ravel)
Index(es):
- Date
- Thread