[nycbug-talk] Analyzing malicious SSH login attempts

Isaac Levy ike at lesmuug.org
Wed Sep 13 12:08:05 EDT 2006


Hi Dave, All,

On Sep 13, 2006, at 11:34 AM, David Lawson wrote:

> This is really the only part of what Ike has to say that I'd  
> disagree with.  Personally, I've found that, yes, it is cumbersome  
> to be entering a passphrase for every login to a machine, and that  
> negates a lot of the convenience that comes with using ssh keys and  
> makes their added security attractive to admins.

Dave, since I believe it was you and wintermute who taught me to use  
keys in the first place (sometime around '99), and I *know* you  
regularly manage far more machines than I do, I'll happily nod with  
approval to this practice.


> The flip side of this is that I can't think of any good reason,  
> when using an agent to manage your keys, to have an un-passphrase  
> protected private key.  That would strike me as an extremely  
> irresponsible way to manage access, since that really does depend  
> entirely upon the security of they private key file.

Actually, one cool use I've applied in a pinch with great success is  
to use un-passphrase keys for 'robot users' to run quick and dirty  
operations between machines.  Essentially, creating underprivileged  
user accounts that possess keys without passphrases allows one to  
set up funky cron jobs to shuffle data, or run commands, over ssh.   
e.g. 'myrobotuser' can ssh files between machines nightly, or get ps  
statistics from the other machine every few minutes, or whatever.

I've done this in situations where 2+ servers are not multi-user  
systems, for if one machine is compromised, those private keys are  
unprotected, and the other system is easily compromised...
So, this setup is really only useful when the threat lies in  
protecting network MITM between cron-powered robot rpc, and when the  
local machines are contextually trusted.

Kind of a hack for rpc, but getting creative with the building blocks  
is what makes UNIX fun and powerful, to me.  :)


> I can't really think of a good argument _against_ using keys to do  
> authentication, though I'd be interested to hear one if one exists.

Me too, my rpc-robot tangent above really is a different kind of key  
use, not daily admin login practices.

Rocket-
.ike
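The robot-user setup described in the message above leaves a private key with no passphrase sitting on disk, so the one place left to contain the damage is the matching authorized_keys entry on the receiving host: pin it to the calling host with from=, to a single command with command=, and switch off everything else with restrict (or the individual no-* options). The following is an added example, not code from the thread or from OpenSSH: a small audit script that parses an authorized_keys file and reports which robot keys are missing those restrictions. The sample authorized_keys text, the account name myrobotuser and the key blobs are constructed placeholders.

```python
"""Audit an OpenSSH authorized_keys file for robot keys that lack restrictions.

A private key with no passphrase is only as safe as the host that stores it,
so the public key accepting it on the far side should be pinned to the calling
host (from=), to one command (command=), and have every other feature switched
off (restrict, or the individual no-* options).  Added example, not from the
original thread; all sample data below is constructed.
"""

KEY_TYPES = {
    "ssh-rsa", "ssh-dss", "ssh-ed25519",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
}
# Without 'restrict' (which disables everything at once) these four must all
# be present before we consider the key locked down.
NO_OPTIONS = ("no-pty", "no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding")


def _scan_options(line):
    """Return (options, rest).  The options field runs to the first whitespace
    that is not inside double quotes, so command="a b, c" stays intact."""
    in_quotes, i = False, 0
    while i < len(line) and (in_quotes or not line[i].isspace()):
        if in_quotes and line[i] == "\\":
            i += 2                      # skip an escaped character in a quoted value
            continue
        if line[i] == '"':
            in_quotes = not in_quotes
        i += 1
    return line[:i], line[i:].lstrip()


def split_options(options):
    """Split the options field on commas that are outside double quotes."""
    parts, cur, in_quotes, i = [], [], False, 0
    while i < len(options):
        c = options[i]
        if in_quotes and c == "\\" and i + 1 < len(options):
            cur += [c, options[i + 1]]
            i += 2
            continue
        if c == '"':
            in_quotes = not in_quotes
        if c == "," and not in_quotes:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(c)
        i += 1
    if cur:
        parts.append("".join(cur))
    return parts


def _is_key_type(token):
    return token in KEY_TYPES or token.startswith("sk-")


def parse_entry(line):
    """Parse one authorized_keys line; returns None for blanks and comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    first = line.split(None, 1)[0]
    options, rest = ("", line) if _is_key_type(first) else _scan_options(line)
    fields = rest.split(None, 2)
    if len(fields) < 2 or not _is_key_type(fields[0]):
        raise ValueError("malformed authorized_keys line: %r" % line)
    # Option names are matched case-insensitively, so normalise them.
    names = {o.split("=", 1)[0].strip().lower() for o in split_options(options) if o.strip()}
    return {"options": names, "key_type": fields[0], "key": fields[1],
            "comment": fields[2] if len(fields) > 2 else ""}


def missing_restrictions(entry):
    """List, in a fixed order, what a robot key should carry but does not."""
    opts = entry["options"]
    missing = [name + "=" for name in ("from", "command") if name not in opts]
    if "restrict" not in opts:
        missing += [o for o in NO_OPTIONS if o not in opts]
    return missing


def audit(text):
    """Return (comment-or-key-prefix, missing) for every under-restricted key."""
    findings = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        missing = missing_restrictions(entry)
        if missing:
            findings.append((entry["comment"] or entry["key"][:16], missing))
    return findings


# Constructed sample: three robot keys, only the second one properly pinned.
# The key blobs are placeholders, not real public keys.
SAMPLE_AUTHORIZED_KEYS = """
# robot account on the backup server (constructed sample)
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYBLOB0000000000000000000 myrobotuser@backup-1
from="10.0.0.5,10.0.0.6",command="/usr/local/bin/nightly-sync",restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYBLOB1111111111111111111 myrobotuser@db-1
command="ps aux",no-pty,no-port-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQPLACEHOLDERKEYBLOB2222222222222222222 myrobotuser@monitor
"""

if __name__ == "__main__":
    for who, missing in audit(SAMPLE_AUTHORIZED_KEYS):
        print("%-22s missing: %s" % (who, ", ".join(missing)))
```

Run against a real file with `audit(open(path).read())`. The from= check matters most for the case the message describes: if the robot's host is compromised and its passphrase-less key copied, a key pinned to that host's address and a single command gives the copy far less reach than a bare entry does.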