Re: Darn skiddies (ssh login attempts)

To: debian-security@lists.debian.org
Subject: Re: Darn skiddies (ssh login attempts)
From: Michael Stone <mstone@debian.org>
Date: Mon, 04 Apr 2005 14:45:06 -0400
Message-id: <[🔎] 20050404184505.GK11577@mathom.us>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 42517E78.1080206@salk.edu>
References: <200503312244.53499.bmsims1@insightbb.com> <[🔎] 20050401074008.GB12840@sandbender> <[🔎] 6b9f80f9ed993c425821b4c7f0440b07@salk.edu> <[🔎] 20050401142350.GB11577@mathom.us> <[🔎] b0f6725b82f919fdd20c9376cb9a590c@salk.edu> <[🔎] 20050404000320.GG11577@mathom.us> <[🔎] 42516F62.1040703@salk.edu> <[🔎] 20050404165722.GJ11577@mathom.us> <[🔎] 42517E78.1080206@salk.edu>

On Mon, Apr 04, 2005 at 10:50:48AM -0700, Chris Adams wrote:

They were also never portrayed as such - merely an additional layer ofprotection

It's not an additional layer if you replace passwords with keys.

It allows you to step in the middle of the process - it's not simply aquestion of dropping a file in ~/.ssh/ with no checks. Since the usercan't use any key they want this allows you have, say, a process ofrequiring a decent password, stashing the public key somewhere else,making the private key file immutable to prevent password changes orremoval, and record an audit log entry (all of which could be done by anssh-keygen wrapper).


Which implies that you're controlling both the client and the server,
which begs the question of why you're exposed to attacks from random
hosts in the first place...

All of which is irrelevent - we're comparing it to plaintextauthentication, where our hypothetical attacker already has theirpassword without having to brute force anything. It also requires you tohave a copy of the keyfile in the first place, which is harder thanfiring up an ssh brute-force bot.


So you're comparing a MITM password attack to a secret key brute force

attack. Apples and oranges, anyone?

Right, but in the real world password policies don't work so wellbecause normal humans don't handle high-entropy passwords well andthey're going to find an algorithm which your policy doesn't catch,


So? If you can't figure out the algorithm with brute force attacks
(e.g., cracklib) it's fairly likely that an attacker using the same
techniques can't either--which means that the password policy takes care
of the attack we started out talking about at the start of the thread.
These worms aren't using secret password cracking mojo, they're largely
trying things like account guest/password guest and other trivially
preventable problems. The compromises I've seen due to these ssh worms
that are going around have *all* been on systems that didn't enforce
strong password policies. That's why I find it vaguely humorous when
people suggest that replacing the passwords with ssh keys is the right
solution and then wave their hands about the key management problem. The
tools and (admin/user) education needed to enforce password practices
are *trivial* to implement compared to the tools and education required
to secure private keys properly. If someone didn't implement passwords
well, suggesting that switching to ssh keys without doing else will
solve their security problems is a bit, well, far-fetched. ssh keys
*can* be an effective tools, but *only* after doing a good risk
assessment, understanding and accepting the new risks that ssh keys
bring, and coming up with a good plan for deploying and using them in a
secure manner.

generate helpdesk traffic due to lost passwords


As opposed to forgotten key passwords? Seems like a wash to me.

and store it insecurely because they don't always remember it.


Insecure storage is at the heart of the problems with ssh keys--you
can't (with any sort of credibility) argue that users *can* store keys
securely but *can't* store passwords securely.

That's not actually true for all ssh-agent implementations


And how do you control the client-side agent? The protocol allows it, so
it's a vulnerability.

case, it's simply restating a point which was never in question: if the


Sure it was. At one point you (or someone) said that ssh keys were great
because they couldn't be captured at intermediate hosts. But if you're
forwarding the agent that attack vector is a wash.

The system I outlined above means that they can't simply use any randomssh key but, frankly, if your users are actively trying to subvert yoursecurity system you have bigger problems than script kiddies.


Welcome to real life. If your security relies entirely on users doing
the right thing all the time you're going to get burned. A good security
policy requires informed users but also some mechanisms to make it
harder for people to screw up--unless your userbase is entirely
infallible. (And I, for one, will welcome our new robotic overlords. :-)

Mike Stone

Reply to:

References:
- Re: Darn skiddies (ssh login attempts)
  - From: Robert Lemmen <robertle@semistable.com>
- Re: Darn skiddies (ssh login attempts)
  - From: Chris Adams <cadams@salk.edu>
- Re: Darn skiddies (ssh login attempts)
  - From: Michael Stone <mstone@debian.org>
- Re: Darn skiddies (ssh login attempts)
  - From: Chris Adams <cadams@salk.edu>
- Re: Darn skiddies (ssh login attempts)
  - From: Michael Stone <mstone@debian.org>
- Re: Darn skiddies (ssh login attempts)
  - From: Chris Adams <cadams@salk.edu>
- Re: Darn skiddies (ssh login attempts)
  - From: Michael Stone <mstone@debian.org>
- Re: Darn skiddies (ssh login attempts)
  - From: Chris Adams <cadams@salk.edu>

Prev by Date: Re: Darn skiddies (ssh login attempts)
Next by Date: Re: [SECURITY] [DSA 701-1] New samba packages fix arbitrary code execution (fwd)
Previous by thread: Re: Darn skiddies (ssh login attempts)
Next by thread: Re: Darn skiddies (ssh login attempts)
Index(es):
- Date
- Thread