linux.debian.user (debian-user@lists.debian.org)

server security :: user accounts, ssh, passphrases, etc.

#1  02/04/2008, 17h00  Russell L. Harris
server security :: user accounts, ssh, passphrases, etc.

SYSTEM:

(1) firewall/router (SmoothWall Express 2.0) which (using NAT)
provides and protects both a "green" zone for a LAN and an
"orange" zone ("DMZ") for a publicly-accessible server

(2) ftp or http server in the DMZ

(3) desktop machine in the LAN from which the sysop maintains the
server

SITUATION:

It is convenient to use "scp" for transferring files between the
desktop machine in the LAN and the server, and to use "ssh" for
remote maintenance of the server, again from the desktop machine
in the LAN. And to eliminate the constant typing of password,
ssh-agent can be installed.

Such remote maintenance of the server from a machine in the LAN
becomes tedious unless there is on each machine an account with
the same username, password, and passphrase.

QUESTION:

Is there a major or unreasonable security risk if the sysop
creates on the server an account with the same username, password,
and passphrase as his account on the desktop machine? That is, if
the server is compromised, should the sysop change his password,
passphrase, etc.?

If so, what is the recommended alternative? Is there a HOWTO on
this subject?

RLH


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
#2  03/04/2008, 01h30  s. keeling

Russell L. Harris <rlharris@oplink.net>:
>
> Is there a major or unreasonable security risk if the sysop creates
> on the server an account with the same username, password, and
> passphrase as his account on the desktop machine?


Same username is a convenience, account passwords need not be the
same, and if you gpg-genkey then distribute that key to each host's
~/.ssh, you'll ssh-add once for each sshd you subsequently make
requests of.

> That is, if the server is compromised, should the sysop change his
> password, passphrase, etc.?


If the server's compromised, you should reinstall. Same thing you do
with penicillin these days; finish it and wipe out even the last
vestiges of the bug that infected you. Using ssh means conversations
between boxes are encrypted, so no one's going to sniff passwords from
your traffic. Disable sshd password logins, insisting it use crypto
keys for authentication instead.

As long as you've no keylogger running on the box where you ssh-add
(or gpg-genkey), I can't see how anyone's going to come close to
breaking in, assuming the rest of the system's been sufficiently
policed. You're not running daemons you don't need, and you watch the
ones you do, yes?

> If so, what is the recommended alternative? Is there a HOWTO on
> this subject?


tldp.org

Kerberos, SELinux, tripwire, portknocker, ... Or, unplug it, put it
in a locked vault, and enjoy the peace and quiet.

If you have good backups, why worry about it? Reinstall's minutes
away.


--
Any technology distinguishable from magic is insufficiently advanced.
(*) http://blinkynet.net/comp/uip5.html Linux Counter #80292
- - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.


#3  03/04/2008, 03h00  Russell L. Harris

* s. keeling <keeling@nucleus.com> [080402 19:28]:
> Russell L. Harris <rlharris@oplink.net>:
> >

> If the server's compromised, you should reinstall.


My concern is not for corruption of the server. My concern is whether
-- if I employ on the server the same password and passphrase which I
employ on the desktop (my principal machine) -- compromise of the
server necessitates that I change the password and the passphrase on
the desktop machine.

In other words, if I were to give you free access to my server, so
that you could inspect all the system files, would you be able to
deduce the password and passphrase, which are the same as those which
I use on the desktop machine?

RLH


#4  03/04/2008, 14h00  s. keeling

Russell L. Harris <rlharris@oplink.net>:
>
> In other words, if I were to give you free access to my server, so
> that you could inspect all the system files, would you be able to
> deduce the password and passphrase, which are the same as those which
> I use on the desktop machine?


You just described root. Yes, root could do that. Install a
keylogger and wait for you to login. If you never do, I'm stuck
running crack against shadow.




#5  03/04/2008, 19h00  Dave Sherohman

On Wed, Apr 02, 2008 at 10:33:35AM -0500, Russell L. Harris wrote:
> It is convenient to use "scp" for transferring files between the
> desktop machine in the LAN and the server, and to use "ssh" for
> remote maintenance of the server, again from the desktop machine
> in the LAN. And to eliminate the constant typing of password,
> ssh-agent can be installed.


If you are using public key authentication (i.e., RSA or DSA key pairs)
to log in to the server, then there should be no need to ever enter the
server password for anything other than sudo, which greatly reduces any
perceived issues caused by having different passwords on each system.

When using public key auth, copy *only* your public key to the server.
(ssh-copy-id is a handy way to automate this.) So long as your private
key remains secure, there is very little risk to an attacker getting
their hands on the public key - that's kind of the point of public key
crypto, after all. Unless they take the time to successfully factor the
public key, there is no way it can be used to attack your systems; the
worst they could do with it is grant you access to their server and run
a keylogger there.

Your passphrase is only relevant to the private key. If they don't get
their hands on the private key (which, again, should reside only on your
desktop system), they neither have any way to attempt to crack your
passphrase nor would your passphrase do them any good even if they did
have it.

Using ssh also makes it easy to use different usernames on each host
(just add a "User username" line for the host to ~/.ssh/config on the
desktop machine), although I don't see this as adding any worthwhile
degree of security.

--
News aggregation meets world domination. Can you see the fnews?
http://seethefnews.com/


#6  03/04/2008, 19h20  Brian McKee


On 3-Apr-08, at 1:23 PM, Dave Sherohman wrote:
> Unless they take the time to successfully factor the
> public key,


Can you expand on that sentence? I'm not sure what you meant by it.

Other than that I wholeheartedly agree with the suggestion to use
public-private key pairs, and would suggest (as others have pointed
out) that you turn OFF the ability to log in with a password thru ssh
- - e.g. make ssh authorize with keys only.

Just in case it wasn't clear - the user names do not have to match,
even when using public keys.

Brian


#7  03/04/2008, 20h50  Douglas A. Tutty

On Wed, Apr 02, 2008 at 08:33:34PM -0500, Russell L. Harris wrote:
> * s. keeling <keeling@nucleus.com> [080402 19:28]:
> > Russell L. Harris <rlharris@oplink.net>:
> > >

> > If the server's compromised, you should reinstall.

>
> My concern is not for corruption of the server. My concern is whether
> -- if I employ on the server the same password and passphrase which I
> employ on the desktop (my principal machine) -- compromise of the
> server necessitates that I change the password and the passphrase on
> the desktop machine.
>
> In other words, if I were to give you free access to my server, so
> that you could inspect all the system files, would you be able to
> deduce the password and passphrase, which are the same as those which
> I use on the desktop machine?


Well, does the desktop need to run sshd at all, and if so, does it need
to listen to "outside" addresses? If not, and you've deactivated
password logins and you've deactivated root logins, you could give
anyone the root password and there's nothing listening that will let
them into the desktop box.

Doug.
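A check for the settings Dave (#5), Brian (#6) and Doug (#7) recommend, written for this thread as an added example (not code from any of the posters): it reads an sshd_config the way sshd does, where the first occurrence of a keyword wins and lines under a Match block apply only to that block, and reports every deviation from key-only, non-root logins. Both configs are constructed samples, and the defaults table is my assumption for recent OpenSSH releases.

```python
"""Audit an sshd_config for the settings this thread recommends.
sshd keeps the FIRST value of a keyword (later duplicates are ignored), and
keywords under a Match block apply only when that block matches."""
import re

# Settings the thread asks for: key-only logins, no root logins.
EXPECTED = {
    "passwordauthentication": "no",
    "permitrootlogin": "no",
    "pubkeyauthentication": "yes",
}
# Assumed defaults for recent OpenSSH (old releases defaulted root to "yes").
DEFAULTS = {
    "passwordauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "pubkeyauthentication": "yes",
}

def effective_settings(config_text):
    """Global-section {keyword: value}: first occurrence wins, Match skipped."""
    seen, in_match = {}, False
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()              # drop comments
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)    # "Key val" / "Key=val"
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            in_match = True        # a Match block runs to the next Match or EOF
        elif not in_match and key not in seen:
            seen[key] = value
    return seen

def listen_addresses(config_text):
    """Every ListenAddress value; an empty list means 'all interfaces'."""
    addrs = []
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "listenaddress":
            addrs.append(parts[1].strip())
    return addrs

def audit(config_text):
    """(keyword, effective_value, expected_value) for every deviation."""
    seen = effective_settings(config_text)
    findings = []
    for key, want in EXPECTED.items():
        have = seen.get(key, DEFAULTS[key]).lower()
        if have != want:
            findings.append((key, have, want))
    return findings

# Constructed samples, not any real host's file.
WEAK_CONFIG = """\
Port 22
PasswordAuthentication yes
PermitRootLogin yes
# appended later in a hardening attempt; sshd ignores this duplicate:
PasswordAuthentication no
Match User backup
    PermitRootLogin no
"""
HARDENED_CONFIG = """\
ListenAddress 192.168.1.10   # LAN side only (constructed address)
PasswordAuthentication no
PermitRootLogin no
PubkeyAuthentication yes
"""
```

Run `audit()` on the file and `listen_addresses()` to confirm the desktop's sshd (if it runs one at all) is bound to the LAN side only, as Doug suggests.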


#8  04/04/2008, 01h50  s. keeling

Douglas A. Tutty <dtutty@porchlight.ca>:
>
> Well, does the desktop need to run sshd at all, and if so, does it need
> to listen to "outside" addresses? If not, and you've deactivated
> password logins and you've deactivated root logins, you could give
> anyone the root password and there's nothing listening that will let
> them into the desktop box.


Good one.




#9  04/04/2008, 02h00  s. keeling

Brian McKee <map@map-heb.com>:
> On 3-Apr-08, at 1:23 PM, Dave Sherohman wrote:
> > Unless they take the time to successfully factor the
> > public key,

>
> Can you expand on that sentence? I'm not sure what you meant by it.


I imagine he means a brute force crack. Got a supercomputer or
botnet available? Does the target use md5 passwords? Good luck.




#10  04/04/2008, 20h40  Celejar

On Thu, 3 Apr 2008 12:23:34 -0500
Dave Sherohman <dave@sherohman.org> wrote:

[snip]

> When using public key auth, copy *only* your public key to the server.
> (ssh-copy-id is a handy way to automate this.) So long as your private
> key remains secure, there is very little risk to an attacker getting
> their hands on the public key - that's kind of the point of public key
> crypto, after all. Unless they take the time to successfully factor the
> public key, there is no way it can be used to attack your systems; the
> worst they could do with it is grant you access to their server and run
> a keylogger there.


And IIUC, that's what ~/.ssh/known_hosts is all about; if an attacker's
machine presents your public key to you, ssh will give you a scary
warning about the IP / public key mismatch.

Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator


#11  06/04/2008, 16h50  Dave Sherohman

On Fri, Apr 04, 2008 at 02:43:58AM +0200, s. keeling wrote:
> Brian McKee <map@map-heb.com>:
> > On 3-Apr-08, at 1:23 PM, Dave Sherohman wrote:
> > > Unless they take the time to successfully factor the
> > > public key,

> >
> > Can you expand on that sentence? I'm not sure what you meant by it.

>
> I imagine he means a brute force crack. Got a supercomputer or
> botnet available? Does the target use md5 passwords? Good luck.


I do, but of a different (and much more difficult) type.

My (admittedly limited) understanding of public key crypto is that the
public and private key are connected by the relationship of two extremely
large prime numbers. It is mathematically possible, then, to identify
those numbers by factoring the numeric value of the public key and then
use them to deduce the value of the private key.

In practice, any decent public key system will use large enough primes
that this is a "Got a supercomputer or a botnet and a good bit of time?"
case which makes brute-forcing an md5 password file look easy, but I
like to be complete and it is a conceivable avenue of attack, even
though it's thoroughly unfeasible to conduct unless/until there's a
major breakthrough in techniques for factoring very large numbers. (Or
maybe an advance in quantum computing. A lot of people seem to expect
that this sort of task will be easy for quantum processors, but I don't
know of it having ever been actually done.)



#12  07/04/2008, 02h10  Douglas A. Tutty

On Sun, Apr 06, 2008 at 10:46:25AM -0500, Dave Sherohman wrote:

> In practice, any decent public key system will use large enough primes
> that this is a "Got a supercomputer or a botnet and a good bit of time?"
> case which makes brute-forcing an md5 password file look easy, but I
> like to be complete and it is a conceivable avenue of attack, even
> though it's thoroughly unfeasible to conduct unless/until there's a
> major breakthrough in techniques for factoring very large numbers. (Or
> maybe an advance in quantum computing. A lot of people seem to expect
> that this sort of task will be easy for quantum processors, but I don't
> know of it having ever been actually done.)


In Practical Cryptography (was that Shearing, or Shelling or somebody),
he talks about the Chinese Toaster solution. The Chinese could put a
chip in every toaster (or cell phone, whatever) they make with a subset
of this massively-parallelized problem and when a solution is found, it
tells the user that there is an error, phone this number and give them
this error message and you will receive a replacement, improved, toaster
(cell phone, whatever). The Chinese then take each of the answers
provided by the toasters and recombine them to get the complete answer.

Doug.


#13  08/04/2008, 21h50  Chris Bannister

On Sun, Apr 06, 2008 at 10:46:25AM -0500, Dave Sherohman wrote:
> On Fri, Apr 04, 2008 at 02:43:58AM +0200, s. keeling wrote:
> > Brian McKee <map@map-heb.com>:
> > > On 3-Apr-08, at 1:23 PM, Dave Sherohman wrote:
> > > > Unless they take the time to successfully factor the
> > > > public key,
> > >
> > > Can you expand on that sentence? I'm not sure what you meant by it.

> >
> > I imagine he means a brute force crack. Got a supercomputer or
> > botnet available? Does the target use md5 passwords? Good luck.

>
> I do, but of a different (and much more difficult) type.
>
> My (admittedly limited) understanding of public key crypto is that the
> > public and private key are connected by the relationship of two extremely
> large prime numbers. It is mathematically possible, then, to identify
> those numbers by factoring the numeric value of the public key and then
> use them to deduce the value of the private key.


Google "John the Ripper."

--
Chris.
======
If you are not subscribed, ask to be CC'd as the Policy of this list is
to reply to the list only.


#14  10/04/2008, 17h00  Dave Sherohman

On Wed, Apr 09, 2008 at 08:49:29AM +1200, Chris Bannister wrote:
> On Sun, Apr 06, 2008 at 10:46:25AM -0500, Dave Sherohman wrote:
> > My (admittedly limited) understanding of public key crypto is that the
> > public and private key are connected by the relationship of two extremely
> > large prime numbers. It is mathematically possible, then, to identify
> > those numbers by factoring the numeric value of the public key and then
> > use them to deduce the value of the private key.

>
> Google "John the Ripper."


Apples and oranges. While John the Ripper would be capable of cracking
the passphrase of a private key, I have been able to find nothing which
says that, given a public key, it is able to deduce the corresponding
private key. On the contrary, those documents I've found which discuss
both John the Ripper and public key crypto generally are written to
contrast the weakness of encrypted passwords (what JtR is designed to
attack) against the strength of public key systems.



#15  12/04/2008, 19h30  owens@peak.org

> On Wed, Apr 09, 2008 at 08:49:29AM +1200, Chris Bannister wrote:
>> On Sun, Apr 06, 2008 at 10:46:25AM -0500, Dave Sherohman wrote:
>> > My (admittedly limited) understanding of public key crypto is that the
>> > public and private key are connected by the relationship of two extremely
>> > large prime numbers. It is mathematically possible, then, to identify
>> > those numbers by factoring the numeric value of the public key and then
>> > use them to deduce the value of the private key.
>>
>> Google "John the Ripper."
>
> Apples and oranges. While John the Ripper would be capable of cracking
> the passphrase of a private key, I have been able to find nothing which
> says that, given a public key, it is able to deduce the corresponding
> private key. On the contrary, those documents I've found which discuss
> both John the Ripper and public key crypto generally are written to
> contrast the weakness of encrypted passwords (what JtR is designed to
> attack) against the strength of public key systems.


The equations that relate the public and private keys, in addition to some
results from number theory, are based on the currently held belief that
the only way to factor the product of two large prime numbers is trial and
error. As such it is possible, with time, to obtain the private key,
given the public key. Hence, as typical with encryption, the larger the
prime numbers, the more tries. If and when someone comes up with an
algorithm to more rapidly deduce the prime factors, public key encryption
(at least the RSA version) is kaput.
Larry
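The relationship Dave (#11) and Larry (#15) describe, worked through as an added example (not from the thread) with toy-sized numbers: a key pair is built from p and q, and the private exponent is rebuilt from the public key alone by trial-dividing n, which is exactly the step that becomes infeasible once p and q are large. The primes and the exponent e are constructed values; the division counts show how the work grows with the size of n.

```python
"""Toy RSA: the public key is (n, e); factoring n into p and q gives d.
Numbers are tiny on purpose. Real keys use p and q of 1024+ bits each, and
trial division then needs on the order of sqrt(n) steps, far beyond reach."""
from math import gcd


def keygen(p, q, e):
    """Build (public, private) = ((n, e), d) from two distinct primes."""
    n = p * q
    phi = (p - 1) * (q - 1)          # Euler's totient of n
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)              # modular inverse (Python 3.8+)
    return (n, e), d


def sign(m, n, d):
    """Textbook signature s = m^d mod n (no padding, demo only)."""
    return pow(m, d, n)


def verify(m, s, n, e):
    """Anyone holding the public key checks s^e mod n == m."""
    return pow(s, e, n) == m


def factor_by_trial_division(n):
    """Return (p, q, divisions_tried); only feasible because n is tiny."""
    tries, f = 0, 2
    while f * f <= n:
        tries += 1
        if n % f == 0:
            return f, n // f, tries
        f += 1 if f == 2 else 2      # 2, then odd candidates only
    raise ValueError("n has no non-trivial factor")


def d_from_public_key(n, e):
    """Rebuild the private exponent from (n, e) alone, i.e. the 'factor the
    public key' route the thread discusses; its cost is the factoring."""
    p, q, tries = factor_by_trial_division(n)
    return pow(e, -1, (p - 1) * (q - 1)), tries


if __name__ == "__main__":
    # Constructed toy parameters: the classic 61 * 53 pair and a larger one.
    for p, q in ((61, 53), (10007, 10009)):
        (n, e), d = keygen(p, q, 17)
        s = sign(42, n, d)
        d2, tries = d_from_public_key(n, e)
        print(f"n={n}: verify={verify(42, s, n, e)} recovered_d_ok={d2 == d} "
              f"divisions={tries}")
```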