Date: Fri, 1 Jun 2001 08:04:13 -0700 From: Michael Han <mikehan@mikehan.com> To: "Karsten W. Rohrbach" <karsten@rohrbach.de>, security@FreeBSD.org Subject: Re: Apache Software Foundation Server compromised, resecured. (fwd) Message-ID: <20010601080413.D1203@giles.mikehan.com> In-Reply-To: <20010601162327.G10477@mail.webmonster.de>; from karsten@rohrbach.de on Fri, Jun 01, 2001 at 04:23:27PM %2B0200 References: <Pine.BSF.4.21.0105311727160.66343-100000@pogo.caustic.org> <3B16E7D9.3E9B78FF@globalstar.com> <20010531183732.B12216@xor.obsecurity.org> <3B16F492.128CB8B0@globalstar.com> <20010531191001.A12808@xor.obsecurity.org> <3B16FD12.B1F251C8@globalstar.com> <20010601012133.A1203@giles.mikehan.com> <20010601162327.G10477@mail.webmonster.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jun 01, 2001 at 04:23:27PM +0200, Karsten W. Rohrbach wrote: > Michael Han(mikehan@mikehan.com)@2001.06.01 01:21:33 +0000: > > Crist, I believe your analysis is correct WRT decrypted keys or > > passphrases *not* being available except by compromising the > > originating client hosting the first ssh-agent in a chain. However, > > Kris is correct, as I understand agent forwarding, in that if you > > forward your agent from trusted host A to untrusted host B, a rogue > > superuser on B could copy your SSH_AUTH_SOCK environment and begin > > passing RSA key requests back to your agent on A. There *is* a > > vulnerability introduced by forwarding your agent to an untrusted > > host, which is why I do not usually forward my agent. I try to give my > > understanding of these issues in > > http://www.mikehan.com/ssh/security.html > this would be a standard man in the middle attack, right? > capturing the challenge from one machine passing it (as root) to the > agent, getting the response packet back and passing it on to the > to-be-broken-in server should not work due to session keying, should'nt > it? I always understood MITM to involve intercepting the connection to a server in order to be able to intercept the cleartext of the session. What I describe about a superuser on an intermediary host being able to exploit an agent forwarded is trivially proven if you have root on a machine you can RSA auth into: hosta% ssh -lme hostb hostb% echo $SSH_AUTH_SOCK /tmp/ssh-agt38oh/agent.1234 hostb% su - Password: # echo $SSH_AUTH_SOCK # SSH_AUTH_SOCK=/tmp/ssh-agt38oh/agent.1234 # export SSH_AUTH_SOCK # ssh -lme localhost hostb% This is SSH-1.5 implemented by OpenSSH 2.3.0. Perhaps protocol version 2 addresses this? -- mikehan@mikehan.com http://www.mikehan.com/ coffee achiever San Francisco, California A double negative is a no-no. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010601080413.D1203>