[svlug] Configuring Server - SSH Trouble + Security Considerations

Don Marti dmarti at zgp.org
Thu Oct 26 11:19:05 PDT 2006

begin Rick Moen quotation of Wed, Oct 25, 2006 at 09:00:39AM -0700:

> $BADUSER has shell on an indifferently administered university machine, 
> hunts around for local vulnerabilities, and cracks root.  Installs
> rootkit to hide his/her subsequent actions, replacing many local 
> binaries with trojaned substitutes, including /usr/bin/ssh and the
> kernel console driver.  $USER logs in, and in due course sshes outbound
> to host2.  A week later, $BADUSER, in rummaging through other captured
> data, notices and stows away $USER's outbound access information,
> including ssh private key and passphrase (from logged console data).  
> $BADUSER now sshes to host2, scps over his/her 'sploit collection, 
> cracks root, and repeats the cycle.
> Please notice how this regimen works for $BADUSER almost as easily and
> routinely with public keypair authentication as with ssh passwords, even 
> if the sysadmins and users do all key-handling steps correctly.

Yes, tricky problem.  Requiring a key prevents
the simplest form of the problem of using the same
password on two systems, but you can't keep a user
from putting the same key on two systems.

Is there a way for you, the administrator of the
server, to tell ssh hopping, like this:

  ssh -At lron.example.edu ssh xenu.linuxmafia.com

from risky private key copying?

Don Marti                    
dmarti at zgp.org 
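As a starting point for the question above, here is an added example (not part of the thread, and not anything Rick or Don posted): a small Python script that reads the server's own sshd auth log and lists every public key that has authenticated from more than one source host. It assumes the modern OpenSSH log format, in which each "Accepted publickey" line carries the key's SHA256 fingerprint (older sshd versions logged no fingerprint); the log lines, hostnames and fingerprints below are constructed for the example. Note what it can and cannot show: from the server's side, a key copied onto the hop host and a key reached through a forwarded agent on the hop host both arrive from the hop host's address, so a single connection cannot be classified. What the report does surface is which keys have been usable from several hosts at all, which is the exposure either mechanism creates.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format OpenSSH sshd writes to the auth log.
# Hostnames, addresses and fingerprints are made up for this example.
SAMPLE_LOG = """\
Oct 26 10:01:02 xenu sshd[2001]: Accepted publickey for alice from 192.0.2.10 port 51000 ssh2: RSA SHA256:AAAAexamplefingerprint1
Oct 26 10:05:17 xenu sshd[2002]: Accepted publickey for alice from 192.0.2.10 port 51010 ssh2: RSA SHA256:AAAAexamplefingerprint1
Oct 26 11:20:44 xenu sshd[2003]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2: RSA SHA256:AAAAexamplefingerprint1
Oct 26 12:00:00 xenu sshd[2004]: Accepted publickey for bob from 203.0.113.5 port 33000 ssh2: ED25519 SHA256:BBBBexamplefingerprint2
Oct 26 12:30:00 xenu sshd[2005]: Accepted password for carol from 203.0.113.9 port 33100 ssh2
"""

# One successful public-key login: user, source address, key type, fingerprint.
ACCEPTED_KEY = re.compile(
    r"Accepted publickey for (?P<user>\S+) from (?P<src>\S+) port \d+ ssh2: "
    r"(?P<ktype>\S+) (?P<fp>SHA256:\S+)"
)


def key_sources(log_text):
    """Map (user, fingerprint) -> set of source addresses that presented that key.

    Password logins and anything else that is not a public-key acceptance
    are ignored; they carry no key to track.
    """
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = ACCEPTED_KEY.search(line)
        if m:
            seen[(m["user"], m["fp"])].add(m["src"])
    return seen


def keys_from_multiple_hosts(log_text, min_sources=2):
    """Return keys that authenticated from at least min_sources distinct hosts.

    A key in this list was reachable (copied or agent-forwarded) from every
    host named, which is the exposure worth reviewing with the key's owner.
    """
    return {
        key: sorted(sources)
        for key, sources in key_sources(log_text).items()
        if len(sources) >= min_sources
    }


if __name__ == "__main__":
    # Read the real auth log instead, e.g. open("/var/log/auth.log").read()
    for (user, fp), sources in keys_from_multiple_hosts(SAMPLE_LOG).items():
        print(f"{user} {fp} seen from: {', '.join(sources)}")
```

Run against the server's actual auth log, the output is a list of (user, key) pairs to follow up on, not a verdict; the follow-up is a conversation with the user about where that key lives and whether agent forwarding through an untrusted host was intended.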
