Secure Shell
SSH Option files using hashes instead of hostnames? Jun 27 2010 09:08PM
Dan Mahoney, System Admin (danm prime gushi org) (1 replies)
Re: SSH Option files using hashes instead of hostnames? Jun 28 2010 05:02PM
Greg Wooledge (wooledg eeg ccf org) (1 replies)
Re: SSH Option files using hashes instead of hostnames? Jun 29 2010 01:32AM
Dan Mahoney, System Admin (danm prime gushi org) (3 replies)
On Mon, 28 Jun 2010, Greg Wooledge wrote:

> On Sun, Jun 27, 2010 at 05:08:14PM -0400, Dan Mahoney, System Admin wrote:
>> SSH allows the option of hashing the known-hosts file in order to prevent
>> people who get access to your account being able to jump other places. Is
>> it not conceivable that they'd want the same option with their options
>> file?
>
> It doesn't make sense. The point of a hash (at least in this context)
> is that you cannot reverse it to get the original data back. When ssh is
> connecting to a host, it has the hostname available, because you typed
> it on the command line. It can hash the hostname, and then look up the
> hash in the known_hosts file.

What? I think you're not understanding this, then.

The point of the hash is that if someone has compromised my account (via
brute force, keyboard surfing, evil sysadmin, whatever) and whatever else
it contains (trusted keys, kerberos credentials, etc.), they could look in
my known_hosts file and see what other hosts they could log into.

Now, assume I have that file hashed, but sitting in my ~/.ssh/config file,
I have:

# Server in guam is on overloaded DSL link
Host slowpoke
HostName slowpoke.secure.server.ad.company.com
ConnectTimeout 600
User admin

Well, there you go. Have fun. Even without the username, assume I have to
have other options in there like for port-forwards, or the like.

Now, keeping information in known_hosts is automatic and mostly mandatory,
and config files like this are optional. I recognize that.

But compare this with

HostnameHash |1|JYh/HiqdBkaEKeg0KrS9cHncJRI=|Qc2hMsrOMpReJLyOxwmps3nnb0k=
ConnectTimeout 600
User admin

(Assume that the lookup of the hash was done AFTER resolving the FQDN in
dns, like I said).

Yes, you can confirm that that host is also present in my known-hosts, but
you cannot log into it.

For the purposes of this discussion we'll assume I have shell-history
turned off.

> This doesn't apply to options. The ssh client would have to have the
> option already, so it could hash it and look for the hash in the file,
> to see whether it should have the option. As I said, it's nonsense.

Actually, you hadn't said that.

Yes, I recognize this is a corner-case, but other than saying it's
"nonsense" please tell me this would be less secure, and please feel free
to tell me there's no use-case for it.

-Dan

--

--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------

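An added illustration of the two lookups being argued about in this message (example code, not from the thread or from OpenSSH): the |1|salt|hash form OpenSSH writes for hashed known_hosts entries is an HMAC-SHA1 keyed with the salt, and the same check is applied here to the hypothetical HostnameHash block proposed above. The config parser, the fixed salt and the sample config are constructed for this example; HostnameHash is not an OpenSSH option.

```python
import base64
import hashlib
import hmac

def hash_hostname(hostname, salt):
    """known_hosts-style hashed name: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=hostname))."""
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def hashed_entry_matches(entry, hostname):
    """Client-side check: re-hash a name the client already has with the entry's salt
    and compare. This confirms a given candidate; it does not recover the name."""
    if not entry.startswith("|1|"):
        return False
    _, _, salt_b64, mac_b64 = entry.split("|", 3)
    salt = base64.b64decode(salt_b64)
    expected = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(expected, base64.b64decode(mac_b64))

def parse_blocks(config_text):
    """Split a config into blocks, each opened by 'Host' or the hypothetical 'HostnameHash'."""
    blocks = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key in ("Host", "HostnameHash"):
            blocks.append({key: value.strip()})
        elif blocks:
            blocks[-1][key] = value.strip()
    return blocks

def options_for(config_text, typed_name, resolved_fqdn):
    """Return the options of the first matching block: 'Host' is compared with the name
    as typed (no patterns), 'HostnameHash' with the DNS-resolved FQDN, as the mail assumes."""
    for block in parse_blocks(config_text):
        if block.get("Host") == typed_name or hashed_entry_matches(block.get("HostnameHash", ""), resolved_fqdn):
            return {k: v for k, v in block.items() if k not in ("Host", "HostnameHash")}
    return None

# Constructed sample: a fixed salt (OpenSSH uses a random one) keeps the output reproducible.
SALT = bytes(range(20))
FQDN = "slowpoke.secure.server.ad.company.com"
SAMPLE_CONFIG = "# Server in guam is on overloaded DSL link\nHostnameHash %s\nConnectTimeout 600\nUser admin\n" % hash_hostname(FQDN, SALT)

if __name__ == "__main__":
    print(SAMPLE_CONFIG)
    print(options_for(SAMPLE_CONFIG, "slowpoke", FQDN))              # the block applies
    print(options_for(SAMPLE_CONFIG, "other", "other.example.com"))  # None: no block matches
```

Reading SAMPLE_CONFIG shows the options but not the FQDN; the client, which has the resolved name in hand, still finds the block.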
Re: SSH Option files using hashes instead of hostnames? Jun 29 2010 12:05PM
Greg Wooledge (wooledg eeg ccf org) (1 replies)
Re: SSH Option files using hashes instead of hostnames? Jun 29 2010 06:01PM
Dan Mahoney, System Admin (danm prime gushi org) (1 replies)
Re: SSH Option files using hashes instead of hostnames? Jun 30 2010 07:12PM
Robert Hajime Lanning (robert lanning gmail com)
Re: SSH Option files using hashes instead of hostnames? Jun 29 2010 11:28AM
Alexander Klimov (alserkli inbox ru)
Re: SSH Option files using hashes instead of hostnames? Jun 29 2010 08:01AM
Robert Hajime Lanning (robert lanning gmail com)
Copyright 2010, SecurityFocus