Re: [CentOS] SSH Question relating to Public and Private Keys
On Thursday 17 April 2008, Brian Mathis wrote: > On Tue, Apr 15, 2008 at 8:12 AM, Peter Kjellstrom <[EMAIL PROTECTED]> wrote: > > On Tuesday 15 April 2008, Clint Dilks wrote: > > > 1. Currently all of the key pairs we are using have empty passphrases > > > is it worth the effort of changing this and setting up ssh-agent > > > compared to what you gain in security by doing this ? > > > > To get a clear idea of what keys with no passphrases are like consider > > the idea that users put their regular password in > > /home/$USER/my_passwd.txt > > > > We try our very best to stop any use of key-pairs without passphrase. > > All modern distros have ssh-agents. Using it is trivial, not using it is > > lazy. For extra security use "ssh-add -c" and you'll know when your agent > > is actually signing stuff. > > > > /Peter First, I'm not sure what point (if any) you're trying to make. Did you agree with me, the OP, neither? > This is a HUGE step backwards in security! What is? Not writing comments inline where they belong is confusing. > Now when your system in > compromised, the attacker will be able to get into ALL of the systems > that user has used that password on. Face it, users often use the > same password everywhere. This is really a bad, bad idea. Exactly, very very bad, that was my point. > With password-less SSH keys, at least they only gain access to the > systems with the corresponding key. Just as bad, why would users re-user ssh-keys more often than passwords? > Using an ssh-agent is often not feasible for system-level functions > that need to SSH. Wow, context switch. First we were talking users, now system automation tasks. Quite clearly very different tasks with very different security aspects and trade-offs. IMO this is best done with either a suitable restriction in the authorized_keys file (effectively limiting what you can do with the corresponding private key) or a restricted shell setup (see other post in thread). > Who's going to be there at 2AM to type in the > passphrase when the system reboots? If you script it, then you just > put the plaintext password in a script file again, and now have the > same problem. > > Remember, the old way of doing this was with rsh and .rhosts files, Trusting the host is quite different, this can also be done with ssh (in a much more secure fashion relying on the host-keys, not just the name). > and those were a problem because DNS could more easily be compromised, > and the system tricked into letting you in. SSH keys are meant to get > around THAT problem. No they are not. > Otherwise, all the secret keyfiles are protected > using restrictive permissions, Wrong again, keys are typically protected by encryption. Unix file access bits are just a dumb idea. /Peter signature.asc Description: This is a digitally signed message part. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Question relating to Public and Private Keys
On Tue, Apr 15, 2008 at 11:48 AM, Fajar Priyanto <[EMAIL PROTECTED]> wrote: > On Tuesday 15 April 2008 16:13:55 William L. Maltby wrote: > > How sensitive is the data and how critical are the functions that that > > could be disrupted? What is the scope of exposure to intrusion from > > outside the organization (LAN, firewalls, in place, etc.). > > For example rsync functions. > It won't work automatically anymore in cron if we use passphrase. Use restricted shells if your doing cronjobs with rsync, You sould take a look at rssh http://dragontoe.org/rssh/. Andreas Pedersen > > -- > Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial > http://linux2.arinet.org > 16:48:28 up 8:02, 2.6.22-14-generic GNU/Linux > Let's use OpenOffice. http://www.openoffice.org > The real challenge of teaching is getting your students motivated to learn. > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Question relating to Public and Private Keys
On Wed, Apr 16, 2008 at 8:15 PM, Brian Mathis <[EMAIL PROTECTED]> wrote: > > On Tue, Apr 15, 2008 at 8:12 AM, Peter Kjellstrom <[EMAIL PROTECTED]> wrote: > > On Tuesday 15 April 2008, Clint Dilks wrote: > > > 1. Currently all of the key pairs we are using have empty passphrases is > > > it worth the effort of changing this and setting up ssh-agent compared > > > to what you gain in security by doing this ? > > > > To get a clear idea of what keys with no passphrases are like consider the > > idea that users put their regular password in /home/$USER/my_passwd.txt > > > > /Peter > > > > This is a HUGE step backwards in security! Now when your system in > compromised, the attacker will be able to get into ALL of the systems > that user has used that password on. Face it, users often use the > same password everywhere. This is really a bad, bad idea. OK, I misread this part ;) Sorry. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Question relating to Public and Private Keys
On Tue, Apr 15, 2008 at 8:12 AM, Peter Kjellstrom <[EMAIL PROTECTED]> wrote: > On Tuesday 15 April 2008, Clint Dilks wrote: > > 1. Currently all of the key pairs we are using have empty passphrases is > > it worth the effort of changing this and setting up ssh-agent compared > > to what you gain in security by doing this ? > > To get a clear idea of what keys with no passphrases are like consider the > idea that users put their regular password in /home/$USER/my_passwd.txt > > We try our very best to stop any use of key-pairs without passphrase. All > modern distros have ssh-agents. Using it is trivial, not using it is lazy. > For extra security use "ssh-add -c" and you'll know when your agent is > actually signing stuff. > > /Peter > This is a HUGE step backwards in security! Now when your system in compromised, the attacker will be able to get into ALL of the systems that user has used that password on. Face it, users often use the same password everywhere. This is really a bad, bad idea. With password-less SSH keys, at least they only gain access to the systems with the corresponding key. Using an ssh-agent is often not feasible for system-level functions that need to SSH. Who's going to be there at 2AM to type in the passphrase when the system reboots? If you script it, then you just put the plaintext password in a script file again, and now have the same problem. Remember, the old way of doing this was with rsh and .rhosts files, and those were a problem because DNS could more easily be compromised, and the system tricked into letting you in. SSH keys are meant to get around THAT problem. Otherwise, all the secret keyfiles are protected using restrictive permissions, which is what you have to rely on for this security. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Question relating to Public and Private Keys
Clint Dilks wrote: Hi People, The Linux Environment I am responsible for is using ssh key pairs to allow access to a number or accounts on a number Linux Servers. I currently have the opportunity to re-design some of this. So I would like to tap into peoples experiences to see what might be some good changes to make. Specifically I have a couple of questions 1. Currently all of the key pairs we are using have empty passphrases is it worth the effort of changing this and setting up ssh-agent compared to what you gain in security by doing this ? 2. At this stage I am going to use RSA Keys of the default size, is this generally the best approach? Thanks for any thoughts, and have a nice day :) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Hi Again people, thank you for all the responses. You have definitely given me something to think about. Much appreciated :) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Question relating to Public and Private Keys
Fajar Priyanto wrote: On Tuesday 15 April 2008 16:13:55 William L. Maltby wrote: How sensitive is the data and how critical are the functions that that could be disrupted? What is the scope of exposure to intrusion from outside the organization (LAN, firewalls, in place, etc.). For example rsync functions. It won't work automatically anymore in cron if we use passphrase. Do you know what command rsync will run on the remote host? If you do, you can create a key pair without a passphrase and add the public key to the remote host, along with a forced command. This will allow the client with the corresponding private key to run this command only. Regards Ingemar ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Question relating to Public and Private Keys
On Tuesday 15 April 2008, Clint Dilks wrote: > 1. Currently all of the key pairs we are using have empty passphrases is > it worth the effort of changing this and setting up ssh-agent compared > to what you gain in security by doing this ? To get a clear idea of what keys with no passphrases are like consider the idea that users put their regular password in /home/$USER/my_passwd.txt We try our very best to stop any use of key-pairs without passphrase. All modern distros have ssh-agents. Using it is trivial, not using it is lazy. For extra security use "ssh-add -c" and you'll know when your agent is actually signing stuff. /Peter signature.asc Description: This is a digitally signed message part. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Question relating to Public and Private Keys
On Tuesday 15 April 2008, Fajar Priyanto wrote: > On Tuesday 15 April 2008 16:13:55 William L. Maltby wrote: > > How sensitive is the data and how critical are the functions that that > > could be disrupted? What is the scope of exposure to intrusion from > > outside the organization (LAN, firewalls, in place, etc.). > > For example rsync functions. > It won't work automatically anymore in cron if we use passphrase. Then please do use a restricted key. More specifically, add the key to the authorized_keys with restrictions (see man pages) /Peter signature.asc Description: This is a digitally signed message part. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Question relating to Public and Private Keys
On Tuesday 15 April 2008 16:13:55 William L. Maltby wrote: > How sensitive is the data and how critical are the functions that that > could be disrupted? What is the scope of exposure to intrusion from > outside the organization (LAN, firewalls, in place, etc.). For example rsync functions. It won't work automatically anymore in cron if we use passphrase. -- Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial http://linux2.arinet.org 16:48:28 up 8:02, 2.6.22-14-generic GNU/Linux Let's use OpenOffice. http://www.openoffice.org The real challenge of teaching is getting your students motivated to learn. signature.asc Description: This is a digitally signed message part. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Question relating to Public and Private Keys
On Tue, 2008-04-15 at 17:56 +1200, Clint Dilks wrote: > Hi People, > > The Linux Environment I am responsible for is using ssh key pairs to > allow access to a number or accounts on a number Linux Servers. I > currently have the opportunity to re-design some of this. So I would > like to tap into peoples experiences to see what might be some good > changes to make. Specifically I have a couple of questions > > 1. Currently all of the key pairs we are using have empty passphrases is > it worth the effort of changing this and setting up ssh-agent compared > to what you gain in security by doing this ? Keeping in mind what the other responders have said, you need to do at least an informal risk analysis to determine whether it is worth the effort. Without going into all the formalities of assessment, reduction, acceptance, assignment, ... How sensitive is the data and how critical are the functions that that could be disrupted? What is the scope of exposure to intrusion from outside the organization (LAN, firewalls, in place, etc.). How effectively will the enhanced procedures be used? Will users frequently try to bypass them because it is inconvenient etc.? OT: does the political environment (e.g. management) support increased security or does it view increased security as an inconvenient thing they view as really unnecessary in their situation? >From a purely technical POV, it is as the other responders have said. Having *decent* pass phrases is certainly worthwhile. > > 2. At this stage I am going to use RSA Keys of the default size, is this > generally the best approach? Unless you are in an environment that is a desirable target for espionage (corporate, military, ...) the default sizes are sufficient IMO. > > > Thanks for any thoughts, and have a nice day :) > -- Bill ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Question relating to Public and Private Keys
On Tue, Apr 15, 2008 at 7:56 AM, Clint Dilks <[EMAIL PROTECTED]> wrote: > 1. Currently all of the key pairs we are using have empty passphrases is it > worth the effort of changing this and setting up ssh-agent compared to what > you gain in security by doing this ? Sure. In the first case someone would only need the key to get into a machine, in the second case you need a key and a passphrase. Of course, that's stating the obvious, but it clearly adds a layer of security. So, do you want to trade security for comfort? I wouldn't, but that's your choice to make. > 2. At this stage I am going to use RSA Keys of the default size, is this > generally the best approach? While asymmetric cryptography is slow, the RSA keys are used to exchange keys for (fast) symmetric cryptography. So, it's usually a good idea to create large keys. Fortunately, the default in OpenSSH is 2048, which seems to be a fair key size. -- Daniel ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Question relating to Public and Private Keys
Clint Dilks wrote: 1. Currently all of the key pairs we are using have empty passphrases is it worth the effort of changing this and setting up ssh-agent compared to what you gain in security by doing this ? Certainly, adding passphrases nudges the security up a step, as otherwise a compromised account means the offender can log onto any other system - or in the case of compromised root, can log in anywhere as anyone.. It comes down to, like all security measures, a balancing act between security and ease-of-use.. You need to take into consideration what data is around the systems, and what the worst case scenario would be.. -- Cheers, Morten ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] SSH Question relating to Public and Private Keys
Hi People, The Linux Environment I am responsible for is using ssh key pairs to allow access to a number or accounts on a number Linux Servers. I currently have the opportunity to re-design some of this. So I would like to tap into peoples experiences to see what might be some good changes to make. Specifically I have a couple of questions 1. Currently all of the key pairs we are using have empty passphrases is it worth the effort of changing this and setting up ssh-agent compared to what you gain in security by doing this ? 2. At this stage I am going to use RSA Keys of the default size, is this generally the best approach? Thanks for any thoughts, and have a nice day :) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
