Re: SSH Option files using hashes instead of hostnames?

On Mon, 28 Jun 2010, Greg Wooledge wrote:

> On Sun, Jun 27, 2010 at 05:08:14PM -0400, Dan Mahoney, System Admin wrote:
>> SSH allows the option of hashing the known-hosts file in order to prevent
>> people who get access to your account from being able to jump other places.  Is
>> it not conceivable that they'd want the same option with their options
>> file?

> It doesn't make sense.  The point of a hash (at least in this context)
> is that you cannot reverse it to get the original data back.  When ssh is
> connecting to a host, it has the hostname available, because you typed
> it on the command line.  It can hash the hostname, and then look up the
> hash in the known_hosts file.

What?  I think you're not understanding this, then.

The point of the hash is that if someone has compromised my account (via brute force, keyboard surfing, evil sysadmin, whatever) and whatever else it contains (trusted keys, kerberos credentials, etc.), they could look in my known_hosts file and see what other hosts they could log into.

Now, assume I have that file hashed, but sitting in my ~/.ssh/config file, I have:

# Server in guam is on overloaded DSL link
Host slowpoke
HostName slowpoke.secure.server.ad.company.com
ConnectTimeout 600
User admin

Well, there you go. Have fun. Even without the username, assume I have to have other options in there like for port-forwards, or the like.

Now, keeping information in known_hosts is automatic and mostly mandatory, and config files like this are optional. I recognize that.

But compare this with

HostnameHash |1|JYh/HiqdBkaEKeg0KrS9cHncJRI=|Qc2hMsrOMpReJLyOxwmps3nnb0k=
ConnectTimeout 600
User admin

(Assume that the lookup of the hash was done AFTER resolving the FQDN in dns, like I said).

Yes, you can confirm that that host is also present in my known-hosts, but you cannot log into it.

For the purposes of this discussion we'll assume I have shell-history turned off.

> This doesn't apply to options.  The ssh client would have to have the
> option already, so it could hash it and look for the hash in the file,
> to see whether it should have the option.  As I said, it's nonsense.

Actually, you hadn't said that.

Yes, I recognize this is a corner-case, but other than saying it's "nonsense" please tell me this would be less secure, and please feel free to tell me there's no use-case for it.

-Dan

--

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------
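The hashed known_hosts host field that both posts argue about, as an added Python example that is not part of the thread: it builds an entry in OpenSSH's `|1|salt|hmac` form, checks a candidate name against it, and does the lookup Dan proposes for a HostnameHash config entry. The fixed salt, the EXAMPLE_CONFIG list and the lookup_options helper are constructed for illustration only.

```python
import base64
import hashlib
import hmac
import os

# Fixed salt so the example is reproducible; OpenSSH draws a fresh random
# 20-byte salt for every entry it hashes.
SALT = b"0123456789abcdefghij"
HOST = "slowpoke.secure.server.ad.company.com"  # the FQDN from the thread's config


def hash_hostname(hostname, salt=None):
    """Build an OpenSSH-style hashed host field: |1|base64(salt)|base64(HMAC-SHA1(salt, host))."""
    if salt is None:
        salt = os.urandom(20)
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


def host_matches(entry, hostname):
    """Return True if hostname hashes to the entry under the entry's own salt.

    This is the only operation the format supports: the salt and MAC stored in
    the file do not yield the hostname, but any name the client already holds
    can be tested against them.
    """
    parts = entry.split("|")
    if len(parts) != 4 or parts[0] != "" or parts[1] != "1":
        raise ValueError("not a hashed host field: %r" % entry)
    salt = base64.b64decode(parts[2])
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(mac, base64.b64decode(parts[3]))


# Hypothetical HostnameHash config in Dan's shape: the hashed name is the key,
# the options themselves stay in the clear (constructed example data).
EXAMPLE_CONFIG = [
    (hash_hostname(HOST, SALT), {"ConnectTimeout": "600", "User": "admin"}),
]


def lookup_options(config, hostname):
    """Lookup the client could do: it already has the (resolved) name from the
    command line, so it hashes that name and compares it with each entry."""
    for entry, options in config:
        if host_matches(entry, hostname):
            return options
    return None


if __name__ == "__main__":
    print(hash_hostname(HOST, SALT))
    print(lookup_options(EXAMPLE_CONFIG, HOST))        # options found
    print(lookup_options(EXAMPLE_CONFIG, "slowpoke"))  # None: the alias does not match the FQDN hash
```

Because the salt is part of the entry, the same hostname produces a different hash in every file, so an entry from one known_hosts file cannot even be used to confirm membership in another without the hostname in hand.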
