SSH Risk from known_hosts?
Got questions? Go ahead: Ask me anything!
Date: Wed May 18 11:51:50 2005
Subject: SSH Risk from known_hosts?
Copyright May 2005 TonyLawrence
An MIT researcher thinks there is a big problem in ssh: http://www.techworld.com/security/news/index.cfm?NewsID=3668
I don't see it. This whole concept starts with a compromised machine. Duh: when a machine is compromised, all sorts of information about other machines it knows about is exposed. Getting the public keys from known_hosts isn't particularly useful in itself; public keys are, after all, *public* keys. Much more dangerous is the exposure of the private key counterparts. Combine the two, and yes, you may have a easy path to another machine.
I get the sense that what they are really talking about here is the danger from distributed credentials, a subject we've touched on here more than once: making it easy for the pointy eared boss and the other technically inept folk always affects security, and ssh is no different in that regard.
Maybe I'm missing something, but to my mind, a compromised box presents risk to other machines for a lot of reasons, and ssh is just one, and even that isn't necessarily an issue if you don't have other machines accepting public key authentication.
Got something to add? Send me email.
(OLDER) <- More Stuff -> (NEWER) (NEWEST)
Printer Friendly Version
Increase ad revenue 50-250% with Ezoic