Date: Fri, 1 Jun 2001 15:24:48 +0100
From: David Taylor <davidt@yadt.co.uk>
To: "Karsten W. Rohrbach" <karsten@rohrbach.de>
Cc: security@FreeBSD.org
Subject: Re: Apache Software Foundation Server compromised, resecured. (fwd)
Message-ID: <20010601152448.A1982@gattaca.yadt.co.uk>
In-Reply-To: <20010601161951.F10477@mail.webmonster.de>; from karsten@rohrbach.de on Fri, Jun 01, 2001 at 16:19:51 +0200
References: <Pine.BSF.4.21.0105311727160.66343-100000@pogo.caustic.org> <3B16E7D9.3E9B78FF@globalstar.com> <20010531183732.B12216@xor.obsecurity.org> <3B16F492.128CB8B0@globalstar.com> <20010531191001.A12808@xor.obsecurity.org> <3B16FD12.B1F251C8@globalstar.com> <20010531193555.A13334@xor.obsecurity.org> <20010601161951.F10477@mail.webmonster.de>
On Fri, 01 Jun 2001, Karsten W. Rohrbach wrote:
> this does not lead to a big tragedy since the agent protocol is
> challenge-response. a challenge is sent by the remote peer, the agent
> signs it using the local identity and sends the response back to the
> remote peer. the remote side checks the signed response against the
> public key and if it matches c'est ca. if this way of authentication
> has to be considered dangerous, public key crypto is, since you could
> not give away your public key, then ;-) the private key is never ever
> presented to an entity on a remote system.
>

Public key crypto _would_ be dangerous if you automatically signed
anything an untrusted remote host threw at you.

Now, if ssh-agent were to ask you if it should sign the challenge each
time, that'd help. But if the remote ssh binary is trojaned, it could be
designed to inject arbitrary commands into your session, so it wouldn't
help very much.

If you're allowing an untrusted machine to make a connection to another
machine, it's insecure, basically.

-- 
David Taylor
davidt@yadt.co.uk
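The exchange the two posters are arguing about, as an added illustration that is not part of the thread and not code from any of the projects named in it. It is a simplified model in Go, not the real SSH agent or authentication wire format: the "challenge" is a host-bound, one-time nonce standing in for the SSH session identifier, the Approve hook stands in for per-use confirmation of the "ssh-add -c" kind, and the host names and keys are constructed for the example. The point it makes runnable is the one in the reply: an agent that signs blindly will happily answer a challenge that a compromised intermediate host relays from a third host, because the agent sees only bytes to sign, not who asked or why.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Agent models a forwarded ssh-agent: it keeps the private key and only
// ever emits signatures over challenges it is handed. Approve is an
// optional per-use confirmation hook (assumption: a stand-in for
// "ssh-add -c"); a nil Approve means the agent signs whatever it is asked to.
type Agent struct {
	priv    ed25519.PrivateKey
	Approve func(challenge []byte) bool
}

// NewAgent generates a fresh Ed25519 identity and returns the agent
// together with the public half that servers will be configured with.
func NewAgent() (*Agent, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Agent{priv: priv}, pub, nil
}

// Sign is the only operation the agent exposes. Note what it cannot see:
// which host the challenge came from or why the signature is wanted.
func (a *Agent) Sign(challenge []byte) ([]byte, error) {
	if a.Approve != nil && !a.Approve(challenge) {
		return nil, errors.New("agent: signature request refused")
	}
	return ed25519.Sign(a.priv, challenge), nil
}

// Server is a host that trusts one authorized public key. Each challenge
// is bound to the host name and a fresh nonce, so a signature obtained for
// one host cannot be replayed against another (assumption: a simplified
// stand-in for the SSH session identifier, not the real protocol).
type Server struct {
	Name       string
	authorized ed25519.PublicKey
	pending    map[string]bool // outstanding challenges, consumed on use
}

func NewServer(name string, pub ed25519.PublicKey) *Server {
	return &Server{Name: name, authorized: pub, pending: map[string]bool{}}
}

// Challenge issues a one-time challenge and remembers it.
func (s *Server) Challenge() ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	h := sha256.Sum256(append([]byte(s.Name+"\x00"), nonce...))
	s.pending[string(h[:])] = true
	return h[:], nil
}

// Verify accepts the login only for a challenge this server issued and has
// not yet seen answered, and only if it is signed by the authorized key.
func (s *Server) Verify(challenge, sig []byte) bool {
	if !s.pending[string(challenge)] {
		return false // unknown or already-used challenge
	}
	delete(s.pending, string(challenge))
	return ed25519.Verify(s.authorized, challenge, sig)
}

// Login is the full exchange: server challenges, agent signs, server
// verifies. Anyone holding a socket to the agent can run it against any
// server that trusts the key, which is exactly the forwarding risk.
func Login(s *Server, a *Agent) bool {
	c, err := s.Challenge()
	if err != nil {
		return false
	}
	sig, err := a.Sign(c)
	if err != nil {
		return false
	}
	return s.Verify(c, sig)
}

func main() {
	agent, pub, err := NewAgent()
	if err != nil {
		panic(err)
	}
	hostB := NewServer("hostB", pub) // the host you meant to log in to
	hostC := NewServer("hostC", pub) // a third host that trusts the same key

	// Blind agent: the intended login succeeds, and so does a login that a
	// trojaned ssh on hostB relays to hostC over the forwarded agent socket.
	fmt.Println("login to hostB:", Login(hostB, agent))
	fmt.Println("relayed by hostB to hostC:", Login(hostC, agent))

	// Confirming agent: the user approves the one login they started and
	// refuses the unexpected prompt that appears while already on hostB.
	approvals := 1
	agent.Approve = func([]byte) bool {
		approvals--
		return approvals >= 0
	}
	fmt.Println("login to hostB (confirming):", Login(hostB, agent))
	fmt.Println("relayed to hostC (confirming):", Login(hostC, agent))
}
```

The confirming variant only helps to the extent the reply already concedes: it stops a signature the user did not expect, but nothing here stops a trojaned ssh on hostB from abusing the session the user did approve.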