Subject: Re: FreSSH
To: NetBSD-current Discussion List <current-users@netbsd.org>
From: Greg A. Woods <woods@weird.com>
List: current-users
Date: 03/11/2002 15:07:39
[ On Monday, March 11, 2002 at 14:18:25 (-0500), Charles Shannon Hendrix wrote: ]
> Subject: Re: FreSSH
>
> On Sun, Mar 10, 2002 at 05:57:38PM -0500, Greg A. Woods wrote:
> 
> > I for one might want all my users to always use encryption all of the
> > time.  
> 
> I don't see why this cannot be enforced in the ssh configuration.
> In fact, I would want that anyway, to control what ciphers and what not
> my users could activate.

Yes, of course it can, but I would guess that you and I are not,
unfortunately, a very representative sample of SSH administrators,
especially if you count all those who install SSH clients on their own
PCs as "admins".

> > > The sourceforge crack done a few months ago was done despite the
> > > encryption, so it's no guarantee anyway.
> > 
> > Well, not exactly "despite the encryption" but rather more like
> > "despite, and perhaps even because of the requirement to use SSH", but I
> > see your point.
> 
> I think they said that had everyone originated from their own machine,
> the crack wouldn't have happened.

They might have said that, but if so then they would be incorrect as
they would be making unwarranted assumptions about the client machines.

> When you hop, you put a lot of trust in the middleman.  I cannot remember
> now if the perpetrator was staff at the middleman, or just a patient
> snooper.  

Yes, any intermediate host which is used effectively as an SSH proxy
must be trusted (i.e. must be as secure as, or more secure than) both
of the ultimate end points of the SSH session.

Note though that the client host _must_ be just as secure as the server
host even in a one-to-one connection.  SSH requires that you trust the
client host just as much as you trust the server host, and vice versa.
Any vulnerability in the client host (or even one in some of its
attached peripherals) can result in what's essentially an effective man
in the middle attack.  The obvious and ideal example is of trojaned
client software, but even a trojaned keyboard driver or less will
suffice.

An intermediate host is just another link in the chain.  It may be the
weakest, or the strongest.

-- 
								Greg A. Woods

+1 416 218-0098;  <gwoods@acm.org>;  <g.a.woods@ieee.org>;  <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>