Re: (rfc) too many keys, usecase?

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 





Cristian Ionescu-Idbohrn wrote:
On Thu, 14 Apr 2016, Jakub Jelen wrote:
On 04/14/2016 01:19 PM, Cristian Ionescu-Idbohrn wrote:
[..]
Yes, I know about MaxAuthTries and I used it as a workaround.  Still,
I would imagine the remote server knows there's no point refusing the
slient offered keys one after the other, as none will work.  Why then
not telling the client there's no point trying, use password instead?
The server knows that there is no point in trying, but the (possibly
malicious) client does not know that. And server is trying to tell
the client the least possible amount of information (basic rule of
security).

Right.  Still, how much more damage could a malicious client do if it
ware presented with a password prompt?  Is it worth annoying the
non-malicious clients or push the admin into ticking up MaxAuthTries?

Same argument could be applied to why I bother to present a password prompt if all the server accepts only public keys. By not doing it, I reduce the possible attack service a hacker has to break into my server. Knowing that keys aren't except for the server or for an individual user it leaks information that an attacker can use against me. This is the same reason why a few years ago we went through painful effort to stop ssh from short-cutting out of bad authentications attempts. Because it leaked a bit of information an attacker could detect to shift their attack
method.


*shrug* My solution to this "issue" was to stop generating keys with standard id_{rsa,dsa,etc} names. And use something more useful "id_rsa_work" "id_rsa_play" .. etc.. Then I specify via ~/.ssh/config which key is to be served to a server. As I honestly never liked the "throw ssh keys at the server and see which one sticks" feature of the SSH RFC.
It feels like a lazy way of key administration.

It was great when you are learning, but sucks when you start collecting dozens of ssh keys for different community, work, personal, and friend's servers. All of them being completely different so you can keep good isolation habits (e.g. If I leave a community I want to do rm -rf .ssh/id_rsa_communityname* and know for a fact that I no longer have the key and it improves my confidence that I'm not going
to lose it, and thus causing a possible compromise if the community doesn't
do their own due diligence on removing my account or key).

The above also linked with ssh-agent and locking/unlocking ssh keys has how I've
lived for 10+ years now, and have never ran into this problem.

Honestly, it is better to learn to manage your SSH keys properly.

- Ben
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux