Date: Fri, 1 Jun 2001 16:23:27 +0200
From: "Karsten W. Rohrbach" <karsten@rohrbach.de>
To: Michael Han <mikehan@mikehan.com>
Cc: Crist Clark <crist.clark@globalstar.com>, security@FreeBSD.org
Subject: Re: Apache Software Foundation Server compromised, resecured. (fwd)
Message-ID: <20010601162327.G10477@mail.webmonster.de>
In-Reply-To: <20010601012133.A1203@giles.mikehan.com>; from mikehan@mikehan.com on Fri, Jun 01, 2001 at 01:21:33AM -0700
References: <Pine.BSF.4.21.0105311727160.66343-100000@pogo.caustic.org> <3B16E7D9.3E9B78FF@globalstar.com> <20010531183732.B12216@xor.obsecurity.org> <3B16F492.128CB8B0@globalstar.com> <20010531191001.A12808@xor.obsecurity.org> <3B16FD12.B1F251C8@globalstar.com> <20010601012133.A1203@giles.mikehan.com>

Michael Han(mikehan@mikehan.com)@2001.06.01 01:21:33 +0000:
> Crist, I believe your analysis is correct WRT decrypted keys or
> passphrases *not* being available except by compromising the
> originating client hosting the first ssh-agent in a chain. However,
> Kris is correct, as I understand agent forwarding, in that if you
> forward your agent from trusted host A to untrusted host B, a rogue
> superuser on B could copy your SSH_AUTH_SOCK environment and begin
> passing RSA key requests back to your agent on A. There *is* a
> vulnerability introduced by forwarding your agent to an untrusted
> host, which is why I do not usually forward my agent. I try to give my
> understanding of these issues in
> http://www.mikehan.com/ssh/security.html

this would be a standard man in the middle attack, right?
capturing the challenge from one machine, passing it (as root) to the
agent, getting the response packet back and passing it on to the
to-be-broken-in server should not work due to session keying, shouldn't
it?

/k

-- 
> 71: 69 with two fingers up your ass. --George Carlin
KR433/KR11-RIPE -- WebMonster Community Founder -- nGENn GmbH Senior Techie
http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.net/
karsten&rohrbach.de -- alpha&ngenn.net -- alpha&scene.org -- catch@spam.de
GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE DF22 3340 4F4E 2964 BF46
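
The two cases discussed in this message, as a simplified model added here for illustration (not code from the thread or from any SSH implementation): a response bound to a session identifier is useless in another session, while a request that reaches the agent through the forwarded socket is answered for whatever session it names. Assumptions: the toy RSA key, the SHA-256 binding and all class and function names are constructed for this example and do not reproduce the SSH wire protocol.

```python
import hashlib
import secrets

# Constructed toy RSA key from two Mersenne primes; far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, known only to the agent


def bind(challenge: int, session_id: bytes) -> bytes:
    """Response = hash(challenge || session id): valid for one session only."""
    return hashlib.sha256(challenge.to_bytes(19, "big") + session_id).digest()


class Agent:
    """Runs on trusted host A; answers any request that reaches its socket."""

    def respond(self, encrypted_challenge: int, session_id: bytes) -> bytes:
        return bind(pow(encrypted_challenge, D, N), session_id)


class ServerSession:
    """One login attempt at a server that knows only the public key (N, E)."""

    def __init__(self) -> None:
        self.session_id = secrets.token_bytes(16)  # fresh for every connection
        self._challenge = secrets.randbelow(N - 2) + 2
        self.encrypted_challenge = pow(self._challenge, E, N)

    def verify(self, response: bytes) -> bool:
        return secrets.compare_digest(response, bind(self._challenge, self.session_id))


def replayed_response_accepted() -> bool:
    """A response captured from one session is presented to a different session."""
    agent, original, other = Agent(), ServerSession(), ServerSession()
    captured = agent.respond(original.encrypted_challenge, original.session_id)
    return original.verify(captured) and other.verify(captured)


def forwarded_socket_request_accepted() -> bool:
    """A process on host B with access to the forwarded socket opens its own session."""
    agent, own = Agent(), ServerSession()
    return own.verify(agent.respond(own.encrypted_challenge, own.session_id))


if __name__ == "__main__":
    print("replayed response accepted:       ", replayed_response_accepted())
    print("forwarded-socket request accepted:", forwarded_socket_request_accepted())
```

In this model the session binding defeats the replay but not the request made through the forwarded socket, which is the reason to leave OpenSSH's ForwardAgent option off for hosts whose superuser is not trusted.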