SSH Newbie Questions: SSH and NFS-exported user homes - SSH

This is a discussion on SSH Newbie Questions: SSH and NFS-exported user homes - SSH ; Hi Fellow Users, As a newbie for SSH, I have the following two questions that I can't seem to find answers anywhere so far. 1. Using ssh in an environment where user home directory is NSF- mounted universally. For example, ...

+ Reply to Thread
Results 1 to 8 of 8

Thread: SSH Newbie Questions: SSH and NFS-exported user homes

  1. SSH Newbie Questions: SSH and NFS-exported user homes

    Hi Fellow Users,

    As a newbie for SSH, I have the following two questions that I can't
    seem to find answers anywhere so far.

    1. Using ssh in an environment where user home directory is NSF-
    mounted universally.

    For example, I am trying to ssh from HostC (client) to HostS
    (server). My home folder,
    /user/user1, is NSF-mounted to both HostC and HostS (possibly from
    yet another server).
    Therefore, my private keys are already present on the server also
    (in addition to the
    client).
    In this scenario, is secure connection pointless (can't be made
    secure)? Or are there
    things one can try to make intelligent use of SSH in it? Is this
    not a commonly
    encountered situation out there, as I don't see any mention of
    such a case?

    For background, we had a set of desktops and a set of servers (for
    interactive work and
    running long batch programs). With the old rsh, we made it such
    that any user can
    easily remote login from his own desktop to another desktop or one
    of the servers at will,
    without passwords (using .rhosts settings). It may not the most
    secure way but it's hard
    to beat for convenience. Just wonder if similar setup is possible
    with SSH.

    2. No password login using SSH ( in the above-mentioned environment )

    Whether flawed or not, I have installed OpenSSH and set up an
    account with
    password-less login (i.e, I copied id_rsa.pub to authorized_keys
    in ~/.ssh).
    This seems to work ok. But the trouble is, for another account,
    the same method won't
    work! To the best of my knowledge I set up the second account the
    same way, but it fails
    (requires password), and I can't figure out what's the difference
    between the two.
    I know one account belongs to more unix groups than the other but
    I can't imagine any
    reason this might affect SSH.
    Another related point is: can password-less login work in the
    universal user home
    environment (as described above). Or is SSH solely for single
    client-based setup, i.e,
    the initial can only be from the one client host where you create
    the keys?
    Does anyone know any docs that explain this aspect.

    I would appreciate any comments or pointers regard these as I can't
    seem to figure it out.

    Thanks,
    Tony


  2. Re: SSH Newbie Questions: SSH and NFS-exported user homes

    I do that at home. It is as secure as NFS is.

    Just add your public key to authorized_keys, that's all.

    i

  3. Re: SSH Newbie Questions: SSH and NFS-exported user homes

    On 14 Sep, 20:34, Ignoramus19284
    wrote:
    > I do that at home. It is as secure as NFS is.
    >
    > Just add your public key to authorized_keys, that's all.
    >
    > i


    As secure as NFS is, is.... a fairly poor recommendation. It's known
    as "No F***ing Security" for good reasons. It's far too easy in most
    setups for a root user on an NFS client to pretend to be any other NFS
    user, and gain access to the entire contents of their home directory.
    This applies especailly to SSH private keys and SSH authorized_keys
    files.

    You'll need to think very, very carefully about how you handle keys in
    such an environment.


  4. Re: SSH Newbie Questions: SSH and NFS-exported user homes

    On Fri, 14 Sep 2007 17:18:54 -0700, Nico wrote:
    > On 14 Sep, 20:34, Ignoramus19284
    > wrote:
    >> I do that at home. It is as secure as NFS is.
    >>
    >> Just add your public key to authorized_keys, that's all.
    >>
    >> i

    >
    > As secure as NFS is, is.... a fairly poor recommendation. It's known
    > as "No F***ing Security" for good reasons. It's far too easy in most
    > setups for a root user on an NFS client to pretend to be any other NFS
    > user, and gain access to the entire contents of their home directory.
    > This applies especailly to SSH private keys and SSH authorized_keys
    > files.


    That root can get any file of the user, is nothing specificaklly
    related to ssh.

    > You'll need to think very, very carefully about how you handle keys in
    > such an environment.
    >


    yep.

    i

  5. Re: SSH Newbie Questions: SSH and NFS-exported user homes

    On 2007-09-15, Ignoramus19284 wrote:

    > That root can get any file of the user, is nothing specificaklly
    > related to ssh.


    But when NFS is involved root on some other host gets access to the files
    of a user - and may then help himself to ssh access as that user.

    --
    Elvis Notargiacomo master AT barefaced DOT cheek
    http://www.notatla.org.uk/goen/

  6. Re: SSH Newbie Questions: SSH and NFS-exported user homes

    On 15 Sep 2007 11:48:30 GMT, all mail refused wrote:
    > On 2007-09-15, Ignoramus19284 wrote:
    >
    >> That root can get any file of the user, is nothing specificaklly
    >> related to ssh.

    >
    > But when NFS is involved root on some other host gets access to the files
    > of a user - and may then help himself to ssh access as that user.
    >


    Well, the root could get local keys, and get into the remote account,
    even without NFS?

    i

  7. Re: SSH Newbie Questions: SSH and NFS-exported user homes

    On 2007-09-15, Ignoramus29233 wrote:
    > On 15 Sep 2007 11:48:30 GMT, all mail refused wrote:
    >> On 2007-09-15, Ignoramus19284 wrote:
    >>
    >>> That root can get any file of the user, is nothing specificaklly
    >>> related to ssh.

    >>
    >> But when NFS is involved root on some other host gets access to the files
    >> of a user - and may then help himself to ssh access as that user.

    >
    > Well, the root could get local keys, and get into the remote account,
    > even without NFS?


    If a user has not yet installed any keys the NFS problem is still true.

    If the keys have a passphrase the malicious root user has to do extra
    work (such as installing malicious client s/w) to obtain it.

    If the NFS export is wider than the expected clients then the danger
    includes those other hosts.

    The argument that "we can do this and it will be as secure as NFS"
    looks like using one weakness to excuse another. NFS (without Kerberos) is
    pitiful from a security angle.

    --
    Elvis Notargiacomo master AT barefaced DOT cheek
    http://www.notatla.org.uk/goen/

  8. Re: SSH Newbie Questions: SSH and NFS-exported user homes

    On 16 Sep, 01:12, all mail refused wrote:
    > On 2007-09-15, Ignoramus29233 wrote:
    >
    > > On 15 Sep 2007 11:48:30 GMT, all mail refused wrote:
    > >> On 2007-09-15, Ignoramus19284 wrote:

    >
    > >>> That root can get any file of the user, is nothing specificaklly
    > >>> related to ssh.

    >
    > >> But when NFS is involved root on some other host gets access to the files
    > >> of a user - and may then help himself to ssh access as that user.

    >
    > > Well, the root could get local keys, and get into the remote account,
    > > even without NFS?

    >
    > If a user has not yet installed any keys the NFS problem is still true.
    >
    > If the keys have a passphrase the malicious root user has to do extra
    > work (such as installing malicious client s/w) to obtain it.
    >
    > If the NFS export is wider than the expected clients then the danger
    > includes those other hosts.
    >
    > The argument that "we can do this and it will be as secure as NFS"
    > looks like using one weakness to excuse another. NFS (without Kerberos) is
    > pitiful from a security angle.


    If that remote root user can drop spare authorized_keys into the
    user's "/.ssh/authorized_keys, few users are cautious enough to notice
    extra keys. The damage that can be done by such a remote NFS user
    is..... fascinating. Manipulating the .profile settings, dumping
    binaries in the pereon's home directory that will be executed once
    only for grabbing information or running rootkits on other servers,
    etc. are all pretty straightforward abuses of such privilege, and
    they've certainly happened.


+ Reply to Thread