Lets get this topic started. We've had a lot of requests to have fas authentication with third party groups (both nirik and dgilmore have requested such setups) We can easily set things up so that public key's can be used. I still have grave security concerns about this though. The obvious fear is compromise of a third party box that allows an unauthorized person to then access our production servers. The reality is this isn't much different from having an individual contributors machine get hacked and having them then log in to one of our boxes (this has happened once that I am aware of). The main difference though is how to target. Lets assume an attacker wants to commit something bad to our servers. If they wanted to do it as me, they'd have to attack my workstation and somehow gain root access on the box. At that point they'd be able to take my keys or agent. A difficult task. Now lets say that one of our third party machines is allowing people to build via mock for PPC (this is one real request). That third party box has the SSH keys of a number of people, lets say one of them is sysadmin-main. The attacker would need to merely create an fas account, request access to the group that gives access to that machine and they'd be able to take the ssh keys as people log in. Now, I've never actually done this. It's just my understanding that it'd work that way. If you had root on a box and I sshed there with my ssh key, would you not have access to take the key and log in to other boxes as me? So my question is, is this a real risk or is there a precaution in SSH preventing the attack i'm describing (basically a man in the middle type attack) I can think of a number of options to prevent this but I'm curious what the rest of you think. -Mike _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
