On 16 Jul, 05:19, comph...@toddh.net (Todd H.) wrote:
> Nico Kadel-Garcia writes:
> > On 15 Jul, 19:39, comph...@toddh.net (Todd H.) wrote:
>
> >> Key based auth is actually more secure than password auth as it
> >> resists brute force attacks much better. If you've checked log files
> >> for any sshd on the internet, you know that brute force attacks are
> >> out there in force!
>
> > Survey says.... maybe not. Many lazy programmers use passphrase-less
> > SSH keys for all sorts of inappropriate system access. And the
> > behavior of ssh-keygen to allow such passwords, by default, by simply
> > refusing to type in a passphrase contributes heavily to the problem,
> > and to the attitude, that merely using SSH keys makes things secure.
>
> > Having an unprotected SSH key is as bad as taping your password under
> > your keyboard, and they're much easier to steal off of backup tapes or
> > NFS shares. If you're somewhat aggressive about your site security,
> > it's a good policy to check users' .ssh/ directories for password-free
> > keys.
>
> Which, if you read the rest of my post other than what you trimmed and
> quoted, you'd see I agree with as well.
>
> --
> Todd H. http://www.toddh.net/
I'm sorry, Todd, for missing the details of your post. I do agree with
you on most of it as well.
But you commented on weak keys: I will stand by my concern over the
existing, common practice of using *no* passphrase on keys. It drives
me nuts, and is one of the most common mistakes. I've had an
unfortunate security conversation with several Sourceforge
contributors about *NOT* storing their password free keys on NFS
shares. The rampant mishandling of SSH keys, and the storage of HTTP/
HTTPS/svnserve keys in plain text locally, are some of my big problems
with Subversion itself as a source control system, and why I'm
studying up on git right now.
You also missed that 'not readable' for SSH keys is nowhere enough
protection. NFS shares of home directories are pretty trivially
readable by anyone, and backup tapes can and do get perused by others.
This sort of thing is why I'm more eager than ever to pursue single-sign-on
Kerberized authentication, for SSH users especially. There's a
Putty variant that supports this now, and it's scheduled to go into
the next Putty release if I remember Simon Tatham's comments on this
correctly. And I'm pursuing it for RHEL use.
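The check of users' .ssh/ directories for passphrase-less keys that the thread recommends, as an added example that is not part of the original posts: it classifies a key file by its on-disk format (the legacy PEM encoding, where an encrypted key carries a "Proc-Type: 4,ENCRYPTED" header, and the newer openssh-key-v1 container, whose cipher and KDF names read "none" when no passphrase was set) and walks the .ssh/ directory of every home under an assumed root such as /home. The key samples are constructed for the demonstration.

```python
import base64
import struct
from pathlib import Path

OPENSSH_MAGIC = b"openssh-key-v1\x00"

def _read_string(buf, off):
    # SSH wire-format string: 4-byte big-endian length, then the bytes
    (n,) = struct.unpack(">I", buf[off:off + 4])
    return buf[off + 4:off + 4 + n], off + 4 + n

def classify_key(text):
    """Return 'encrypted', 'unencrypted', or None if this is not a private key."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        return None
    label = lines[0][len("-----BEGIN "):].rstrip("-").strip()
    if label == "OPENSSH PRIVATE KEY":
        # New container: magic, then cipher name and KDF name; "none" means no passphrase
        blob = base64.b64decode("".join(l for l in lines[1:] if not l.startswith("-----")))
        if not blob.startswith(OPENSSH_MAGIC):
            return None
        cipher, off = _read_string(blob, len(OPENSSH_MAGIC))
        kdf, _ = _read_string(blob, off)
        return "unencrypted" if cipher == b"none" and kdf == b"none" else "encrypted"
    if label.endswith("PRIVATE KEY"):
        # Legacy PEM: PKCS#8 "ENCRYPTED PRIVATE KEY" label, or a Proc-Type header
        if label.startswith("ENCRYPTED") or any(
                l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines):
            return "encrypted"
        return "unencrypted"
    return None

def find_unprotected_keys(homes_root):
    # Walk <homes_root>/*/.ssh/ and list every key stored without a passphrase
    hits = []
    for path in Path(homes_root).glob("*/.ssh/*"):
        try:
            if path.is_file() and classify_key(path.read_text(errors="replace")) == "unencrypted":
                hits.append(str(path))
        except (OSError, ValueError):
            continue  # unreadable file or malformed base64: not a parsable key
    return sorted(hits)

def make_openssh_sample(cipher, kdf):
    # Constructed openssh-key-v1 header carrying only the fields the check reads
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = OPENSSH_MAGIC + s(cipher) + s(kdf) + s(b"") + struct.pack(">I", 1)
    b64 = base64.b64encode(blob).decode()
    return "-----BEGIN OPENSSH PRIVATE KEY-----\n%s\n-----END OPENSSH PRIVATE KEY-----\n" % b64

# Constructed legacy-PEM samples; the body is placeholder text and is never decoded
PEM_PLAIN = "-----BEGIN RSA PRIVATE KEY-----\nMIIEcons/tructed==\n-----END RSA PRIVATE KEY-----\n"
PEM_ENC = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
           "DEK-Info: AES-128-CBC,00\n\nMIIEcons/tructed==\n-----END RSA PRIVATE KEY-----\n")
```

Running `find_unprotected_keys("/home")` as root lists the offending files; the public-key and `authorized_keys` files in the same directories are skipped because they carry no private-key header.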