Re: SSH Newbie Questions: SSH and NFS-exported user homes
- From: Nico <nkadel@xxxxxxxxx>
- Date: Sun, 16 Sep 2007 00:50:02 -0700
On 16 Sep, 01:12, all mail refused <elvis-85...@xxxxxxxxxxxxxx> wrote:
On 2007-09-15, Ignoramus29233 <ignoramus29...@xxxxxxxxxxxxxxxxxxxx> wrote:
On 15 Sep 2007 11:48:30 GMT, all mail refused <elvis-85...@xxxxxxxxxxxxxx> wrote:
On 2007-09-15, Ignoramus19284 <ignoramus19...@xxxxxxxxxxxxxxxxxxxx> wrote:
That root can get any file of the user, is nothing specifically
related to ssh.
But when NFS is involved root on some other host gets access to the files
of a user - and may then help himself to ssh access as that user.
Well, the root could get local keys, and get into the remote account,
even without NFS?
If a user has not yet installed any keys the NFS problem is still true.
If the keys have a passphrase the malicious root user has to do extra
work (such as installing malicious client s/w) to obtain it.
If the NFS export is wider than the expected clients then the danger
includes those other hosts.
The argument that "we can do this and it will be as secure as NFS"
looks like using one weakness to excuse another. NFS (without Kerberos) is
pitiful from a security angle.
If that remote root user can drop spare authorized_keys into the
user's ~/.ssh/authorized_keys, few users are cautious enough to notice
extra keys. The damage that can be done by such a remote NFS user
is..... fascinating. Manipulating the .profile settings, dumping
binaries in the person's home directory that will be executed once
only for grabbing information or running rootkits on other servers,
etc. are all pretty straightforward abuses of such privilege, and
they've certainly happened.
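
An added example, not part of the original thread: one way to notice extra entries in an authorized_keys file is to compare each entry's SHA256 fingerprint against a list of approved fingerprints. It assumes that list is stored somewhere the NFS clients cannot write; the sample file, the key blobs and the helper names are constructed for illustration.

```python
import base64, hashlib, shlex

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-", "sk-")

def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    raw = base64.b64decode(blob_b64, validate=True)  # ValueError if not base64
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_line(line):
    """Return (options, keytype, blob, comment), or None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    tokens = shlex.split(line)  # quote-aware: options such as command="a b"
    for i, tok in enumerate(tokens[:-1]):
        if tok.startswith(KEY_TYPES):
            return " ".join(tokens[:i]), tok, tokens[i + 1], " ".join(tokens[i + 2:])
    raise ValueError("no key type found")

def audit(text, approved):
    """List (line number, kind, detail) for entries not in the approved set."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        try:
            entry = parse_line(line)
            if entry is None:
                continue
            fp = fingerprint(entry[2])
        except ValueError as exc:  # bad quoting, bad base64, no key type
            findings.append((lineno, "unparseable", str(exc)))
            continue
        if fp not in approved:
            findings.append((lineno, "unapproved", fp))
    return findings

def _blob(seed):  # constructed stand-in for a key blob, not a real key
    return base64.b64encode(seed).decode()

SAMPLE = "\n".join([  # constructed sample authorized_keys content
    "# keys for user",
    f"ssh-ed25519 {_blob(b'constructed-laptop-key')} user@laptop",
    f'command="/usr/bin/rsync --server" ssh-rsa {_blob(b"constructed-backup-key")} backup',
    f"ssh-rsa {_blob(b'constructed-extra-key')}",
    "ssh-rsa not*base64 broken",
])
APPROVED = {fingerprint(_blob(s)) for s in (b"constructed-laptop-key", b"constructed-backup-key")}

if __name__ == "__main__":
    for finding in audit(SAMPLE, APPROVED):
        print(finding)
```

Run against the sample, this reports line 4 as an unapproved key and line 5 as unparseable; lines that cannot be parsed are reported rather than skipped so that a malformed entry cannot hide from the check.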