Re: Apache Software Foundation Server compromised, resecured. (fwd)

From: Alex (alex@bsdfreak.org)
Date: 06/05/01 

Date: Tue, 5 Jun 2001 13:49:58 -0400 (EDT)
From: Alex <alex@bsdfreak.org>
To: Alex Holst <a@area51.dk>

> Quoting Crist Clark (crist.clark@globalstar.com):
> > You cannot 'record passphrases.' RSA authentication uses public key
> > cryptography.
>
> Exactly. However, consider the three machines in the scenario below:
>
> workstation ---> compromised middle machine ---> server
>
> I have been thinking about the least risk approach. If the middle machine
> has ssh and sshd trojaned to various degrees, would one not benefit from
> using authentication forwarding rather than typing one's passphrase to the
> ssh client on the compromised machine?

        This is a perfect scenario for the attack to perform a
man-in-the-middle attack, passive SSH analysis, or a brute force attempt
at the cryptographic integrity of the connection.

-Alex

>
> If one does lose his passphrase and the trojaned ssh captured the response
> it still wouldn't do an intruder much good, would it?
>
> --
> I prefer the dark of the night, after midnight and before four-thirty,
> when it's more bare, more hollow. http://a.area51.dk/
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Relevant Pages

  • Re: Apache Software Foundation Server compromised, resecured. (fwd)
    ... RSA authentication uses public key ... consider the three machines in the scenario below: ... has ssh and sshd trojaned to various degrees, ... If one does lose his passphrase and the trojaned ssh captured the response ...
    (FreeBSD-Security)
  • HELP please! Why is the agent NOT recognized
    ... local SSH client is HPUX 10.20. ... Remote protocol version 1.99, ... Waiting for server public key. ... SSH_CLIENT: Remote: RSA authentication accepted. ...
    (SSH)
  • Trapping banner displayed by sshd during ssh / scp?
    ... ssh & scp. ... two commands on a remote system. ... uses ssh (rsa authentication again) to execute another two commands ...
    (comp.security.ssh)
  • Re: Firewall security: Re: Problems with simple Samba file share
    ... Ssh is not vulnerable to attacks from china. ... cryptography? ... Well, take it from me, ssh uses secure encryptions. ... >> nonstandard port. ...
    (comp.os.linux.misc)
  • Re: SSH Dropping Connections
    ... I know for sure that ssh session can be held even after a couple of minutes without network connection. ... This same remote worker was previously using an ipsec vpn with 3des and had no problems so I suspect that 3des is more forgiving that the ssh protocolbeing used for cryptography, although I am aware that ssh can use several different crypto algorithms, and reading the man page again it seems that 3des is the default on linux but PuTTY seems to default to AES first so perhaps it is AES being less forgiving that 3des? ...
    (SSH)