posted by Raymond Lai on Wed 26th Oct 2005 18:49 UTC

"Passwords, 2/2"
Benefits

1. Passwordless.

People love convenience. If a user is annoyed enough by the system, s/he will try to find a way to get around it, usually opening up serious security holes. For example, s/he might use a short and easy-to-remember password or use an unencrypted private key. Given a choice, I would prefer safer convenience to dangerous convenience. Thus, the keychain solution is shown here.

2. Agent forwarding.

Here is the context: you are using your own machine, A, which holds your private key and has an ssh-agent running. You also have access to two untrusted remote machines, B and C, both of which have key-based authentication set up. You connect to B from A without a password because you already have a running ssh-agent daemon. Then you want to connect to C from B. If machine B has agent forwarding enabled, it will forward the challenge from machine C to A, and forward the response from A to C, so that machine C can authenticate you. This is called agent forwarding. The benefit is that you don't need to put your private key on the untrusted machine B, lest it be stolen, and you don't need to type your password on machine B to connect to C, lest a key logger installed on machine B capture your passwords.
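On the client side, forwarding is requested with ssh -A or with ForwardAgent yes in ssh_config. The script below is an added example, not part of the original article: it lists which Host blocks of a client config turn forwarding on, so it can be limited to the hop that needs it. The helper names forwarding_hosts and sample_config and the host names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: list the Host blocks of an ssh client config that enable
# agent forwarding. Simplification: it reports per block and does not resolve
# first-match-wins ordering, Match blocks or Include files.

forwarding_hosts() {
    awk '
        BEGIN { hosts = "*" }        # options before the first Host line apply to every host
        /^[ \t]*#/ { next }          # comment line
        { gsub(/=/, " "); key = tolower($1) }    # "Keyword=value" is also valid syntax
        key == "host" {
            hosts = ""
            for (i = 2; i <= NF; i++) { sep = (i > 2) ? "," : ""; hosts = hosts sep $i }
            next
        }
        key == "forwardagent" && tolower($2) == "yes" {
            scope = (hosts ~ /[*?]/) ? "wildcard" : "explicit"
            print hosts, scope
        }
    '
}

# Constructed sample config; the host names are placeholders.
sample_config() {
    cat <<'EOF'
Host hostB.example
    ForwardAgent yes
Host *.lab.example build?
    ForwardAgent yes
Host hostC.example
    ForwardAgent no
Host *
    ForwardAgent=yes
EOF
}

# Usage: forwarding_hosts < ~/.ssh/config
```

Blocks reported as "wildcard" forward the agent to every host the pattern matches, not only to the one intermediate machine.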

3. Enabling ssh connections for cron jobs.

If a cron job requires a remote connection to some other machines, some people will resort to embedding the passwords in the cron job itself using telnet or ftp. However, this is a bad practice. Instead, the keychain passwordless key-based authentication is a better solution. Remember the --clear option in step 4? It's designed specifically for cron jobs. It tells keychain to flush the cached key whenever a new login happens, but keep the cache when a user logs out. The rationale is that a new login poses some security risk, as it could be an intruder who has just stolen your password. However, a logout shouldn't pose any security risk. So even after the user logs out, the cron jobs can still use the running ssh-agent to establish a secure connection.
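A cron job has to find the running agent and cope with the case where the key has been flushed. The wrapper below is an added example, not part of the original article. It assumes keychain wrote its environment file to ~/.keychain/<hostname>-sh; backup@hostB.example is a placeholder, and the SSH and SSH_ADD variables are hypothetical hooks for exercising the checks.

```shell
#!/bin/sh
# Added example: cron wrapper that reuses the ssh-agent kept alive by keychain.
# Assumptions: keychain's env file is ~/.keychain/<hostname>-sh; the remote
# account below is a placeholder; SSH and SSH_ADD are overridable hooks.
SSH=${SSH:-ssh}
SSH_ADD=${SSH_ADD:-ssh-add}

# Import SSH_AUTH_SOCK from the keychain file. The file is sourced (executed),
# so refuse it unless it is readable and owned by the current user.
load_agent_env() {
    [ -r "$1" ] && [ -O "$1" ] || return 1
    . "$1"
    [ -n "${SSH_AUTH_SOCK:-}" ]
}

# ssh-add -l exits 0 with keys loaded, 1 with an empty agent (for example
# after keychain --clear flushed it), 2 when no agent can be reached.
agent_state() {
    rc=0
    "$SSH_ADD" -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo ready ;;
        1) echo empty ;;
        *) echo unreachable ;;
    esac
}

# Run ssh only when the agent holds a key.
run_remote() {
    envfile=$1; shift
    load_agent_env "$envfile" || { echo "unusable keychain file: $envfile" >&2; return 3; }
    state=$(agent_state)
    [ "$state" = ready ] || { echo "ssh-agent is $state, not connecting" >&2; return 4; }
    # BatchMode=yes makes ssh fail instead of waiting at a prompt cron cannot answer.
    "$SSH" -o BatchMode=yes "$@"
}

# Typical call at the end of the cron script:
#   run_remote "$HOME/.keychain/$(hostname)-sh" backup@hostB.example 'uptime'
```

Exit codes 3 and 4 let cron mail a clear failure when the key has been flushed, instead of the job hanging or falling back to a password.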

Risks

1. Bathroom break hijack.

Please lock your computer before going to the bathroom. Otherwise, your roommates or whoever has physical access to your unlocked session might do nasty things to your remote hosts. So don't complain when your CSC309 essay is gone somehow.

2. Memory dump to acquire unencrypted private key.

There might be a possibility for a highly skilled hacker to force an ssh-agent memory dump and steal the unencrypted private key, given that he has broken into your system. A solution to this problem could be the Trusted Platform Module (TPM), which is a hardware chip that stores sensitive information, such as private keys. With a TPM, the private key will reside in the chip instead of the main memory, so that a memory dump attack will be futile. Some laptops already feature this technology.

Looking forward

Key-based-only authentication has a pretty good future in the banking industry. People are worried about their Internet banking passwords being stolen by spyware on their computers, which could cause them financial damage. One solution would be: the bank sets up a key-based-only authentication system for its online banking. Then the user can create a DSA key pair with his/her own STRONG passphrase, either online or preferably in the bank branches. Then the bank will create a Linux live CD with the encrypted private key and send it to the user, or offer a dynamic link for the user to download the ISO image. Then s/he can boot the computer with the Live CD and do online banking securely. This will solve the spyware concerns, and even if the password is stolen, the villain will still need the physical copy of the Live CD with the private key to tamper with the system.

Conclusion

In this article, I have shown how to properly set up passwordless authentication for remote connections. It is a compromise between security and convenience; however, a compromise is a compromise. Users need to fully evaluate the benefits and risks before taking the plunge. Hopefully, this article will help minimize the number of insecure but convenient practices.

About the author:
Raymond Lai is a fourth-year student at the University of Toronto. He received a full scholarship to study for his Computer Science degree. He had two work terms at IBM as a Webservice Tooling developer. His career interest is in the consulting industry.

References

Gentoo Linux Keychain Guide
http://www.gentoo.org/doc/en/keychain-guide.xml

Openssh Key Management by Daniel Robbins
http://www-128.ibm.com/developerworks/linux/library/l-keyc.html
http://www-128.ibm.com/developerworks/linux/library/l-keyc2/
http://www-128.ibm.com/developerworks/linux/library/l-keyc3/

Openssh FAQ
http://www.openssh.com/faq.html

