Re: Security implications of using ControlMaster

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 20.01.20 15:37, Nico Schottelius wrote:


Hey Konrad,

if the box is root compromised, anything you do on it is untrusted.

So you cannot use ssh or even type in any password into any of the
existing tool without likely leaking it to the attacker. She could even
have patched the (g)libc to forward input, so even a correct ssh binary
doesn't ensure your data is not compromised.
Yes, the attacker can change anything on the workstation. But I missed the detail that the ssh authentication on the bastion host is 2FA protected, so knowing or replying any password does give you access. You need to take over or piggy-pack on an existing connection. 
I also think that is not that difficult too.


So disabling ControlMaster does not fix the problem your SM described.

Cheers,

Nico


Konrad Bucheli <kb@xxxxxxx> writes:


Dear Mailing List

We are using a ControlMaster with a short ControlPersist to access the
bastion host which then gives access to customer hosts.

Our Information Security Manager would like to disallow the
ControlMaster. His attack scenario is an admin workstation with a
compromised root account. An attacker can then use the ControlMaster to
trivially get shell access on the bastion host without authentication
when the actual admin user has an open SSH connection.

My argument is that there is too little security gain for the loss of
convenience. If the attacker is root on the admin workstation, he has
other means, like exchanging the SSH binary to silently drop some
payload after connecting to the target or doing something similar by
using the TTY file used by the shell which runs ssh (like "ECHO OFF, do
your stuff, ECHO ON").

What is your opinion?

Kind regards

Konrad



--
Modern, affordable, Swiss Virtual Machines. Visit www.datacenterlight.ch



--
Konrad Bucheli
Principal Systems Engineer

O.  +41 58 100 10 10
W.  open-systems.com

Open Systems

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux