[nycbug-talk] Analyzing malicious SSH login attempts
ike at lesmuug.org
Wed Sep 13 12:08:05 EDT 2006
Hi Dave, All,
On Sep 13, 2006, at 11:34 AM, David Lawson wrote:
> This is really the only part of what Ike has to say that I'd
> disagree with. Personally, I've found that, yes, it is cumbersome
> to be entering a passphrase for every login to a machine, and that
> negates a lot of the convenience that comes with using ssh keys and
> makes their added security attractive to admins.
Dave, since I believe it was you and wintermute who taught me to use
keys in the first place (sometime around 99'), and I *know* you
regularly manage far more machines than I do, I'll happily nod with
approval to this practice.
> The flip side of this is that I can't think of any good reason,
> when using an agent to manage your keys, to have an un-passphrase
> protected private key. That would strike me as an extremely
> irresponsible way to manage access, since that really does depend
> entirely upon the security of they private key file.
Actually, one cool use I've applied in a pinch with great success, is
to use un-passphrase keys for 'robot users' to run quick and dirty
operations between machines. Essentially, creating underprivileged
user accounts who possess keys without passphrases, allows one to
setup funky cron jobs to shuffle data, or run commands, over ssh.
e.g. 'myrobotuser' can ssh files between machines nightly, or get ps
statistics from the other machine every few minutes, or whatever.
I've done this in suituations where 2+ servers are not multi-user
systems, for if one machine is compromised, those private keys are
unprotected, and the other system is easily compromised...
So, this setup is really only useful when the threat lies in
protecting network MITM between cron-powered robot rpc, and when the
local machines are contextually trusted.
Kindof a hack for rpc, but getting creative with the building blocks
is what makes UNIX fun and powerful, to me. :)
> I can't really think of a good argument _against_ using keys to do
> authentication, though I'd be interested to hear one if one exists.
Me too, my rpc-robot tangent above really is a different kind of key
use- not daily admin login practices.
More information about the talk