Date:      Fri, 1 Jun 2001 02:30:51 -0700
From:      Kris Kennaway <kris@obsecurity.org>
To:        Borja Marcos <borjamar@sarenet.es>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Apache Software Foundation Server compromised, resecured. (fwd)
Message-ID:  <20010601023051.A54447@xor.obsecurity.org>
In-Reply-To: <01060109174003.87883@borja.sarenet.es>; from borjamar@sarenet.es on Fri, Jun 01, 2001 at 10:29:02AM +0200
References:  <Pine.BSF.4.21.0105311727160.66343-100000@pogo.caustic.org> <01060109174003.87883@borja.sarenet.es>

On Fri, Jun 01, 2001 at 10:29:02AM +0200, Borja Marcos wrote:
> On Friday 01 June 2001 02:28, you wrote:
> > 	based on what i've read this morning, it wouldn't have made
> > 	all that much of a difference. aparently the compromised
> > 	version of ssh recorded passphrases, and keys.
> >
> > 	i don't see how else you could have avoided this problem.
> 
> 	If you use an authentication agent the keys are kept in your computer. If
> you ssh from A to B and from B to C, the challenge used for the
> authentication is sent from C through B to A. This means that a compromised
> ssh client in B cannot log any keys.

But B can request that A authenticate you to any other host, at any
time during the lifetime of the A-B agent forwarding connection, using
your RSA key on A.  Even though B can't get your key itself, it can
authenticate as you as often as it likes, to as many systems as it
likes, as long as that agent forwarding channel is available.  That's
the next best thing, because when you obtain access to a system once,
in general (not always) it's fairly easy to retain access
indefinitely.

Kris
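The risk Kris describes only exists while an agent-forwarding channel to B is open, so the practical defence is to not forward the agent to hosts you do not fully trust. The script below is an added example, not part of the thread: it builds a small constructed ssh_config (the host names are placeholders) and audits it for Host blocks that still set ForwardAgent yes. The second block shows the alternative that keeps the model Borja had in mind, with current OpenSSH's ProxyJump carrying the connection to C through B while the agent socket never appears on B.

```shell
#!/bin/sh
# Constructed client config for the example (not from the thread).
# "legacy-jump" exposes the agent socket on B for the life of the session,
# which is what lets a compromised B sign challenges as you for other hosts.
# "c-via-b" tunnels the TCP connection through B instead; B only relays
# bytes and never sees the agent.
CFG="$(mktemp)"
cat > "$CFG" <<'EOF'
Host legacy-jump
    HostName b.example.net
    ForwardAgent yes

Host c-via-b
    HostName c.example.net
    ProxyJump b.example.net
    ForwardAgent no
EOF

# Print the alias of every Host block that enables agent forwarding.
# Keywords in ssh_config are case-insensitive, hence tolower().
audit_agent_forwarding() {
    awk '
        tolower($1) == "host" { host = $2 }
        tolower($1) == "forwardagent" && tolower($2) == "yes" { print host }
    ' "$1"
}

# Exit status 1 when any block forwards the agent, so the check can gate
# a config deployment.
forwarding_clean() {
    [ -z "$(audit_agent_forwarding "$1")" ]
}

audit_agent_forwarding "$CFG"
```

On the constructed config the audit prints only legacy-jump. Where forwarding cannot be avoided, loading keys with `ssh-add -c` makes the local agent ask for confirmation on every signature request, which turns B's silent use of your key into a visible prompt on A.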


Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010601023051.A54447>