Subject: Thoughts on Public Key versus Password authentication
From: Chris Green
Newsgroups: comp.security.ssh
Date: Thu, 17 Sep 2020 08:44 UTC
All these recent questions about connecting from a laptop to a home
(desktop) machine bring me back to my original reasons for using
password authentication rather than Public Key authentication.

My original (and still valid) reasoning was as follows:-

Password authentication will *always* ask for the password, there's no
equivalent of a key agent.  So, if I leave my laptop lying around and
turned on (I often do), as long as I log out from the connections to
the home desktop machine someone else can't access my home desktop
unless they know the password.

Public Key authentication doesn't (by default, using an agent) provide
this security, once the key passphrase has been entered anyone with
access to my laptop can connect to my home machine.

Yes, there are ways to reduce the risk with Public Key authentication
but I don't see any major advantages in the underlying security so
what's to be gained.

A remote user (i.e. someone at my laptop) can't brute force the
password as the increasing delays on entering an incorrect password
prevent this.  So, if the password is sensibly secure, I see no major
security problem.

Unauthorised access to my desktop machine is far more likely to be due
to overlooking some obvious 'design' fault than to someone breaking my
password IMHO.

Thoughts anyone, am I missing anything obvious (quite likely!)?

--
Chris Green


Subject: Re: Thoughts on Public Key versus Password authentication
From: Richard Kettlewell
Newsgroups: comp.security.ssh
Organization: terraraq NNTP server
Date: Thu, 17 Sep 2020 14:09 UTC
Chris Green <cl@isbd.net> writes:
> All these recent questions about connecting from a laptop to a home
> (desktop) machine bring me back to my original reasons for using
> password authentication rather than Public Key authentication.
>
> My original (and still valid) reasoning was as follows:-
>
> Password authentication will *always* ask for the password, there's no
> equivalent of a key agent.  So, if I leave my laptop lying around and
> turned on (I often do), as long as I log out from the connections to
> the home desktop machine someone else can't access my home desktop
> unless they know the password.
>
> Public Key authentication doesn't (by default, using an agent) provide
> this security, once the key passphrase has been entered anyone with
> access to my laptop can connect to my home machine.
>
> Yes, there are ways to reduce the risk with Public Key authentication
> but I don't see any major advantages in the underlying security so
> what's to be gained.
>
> A remote user (i.e. someone at my laptop) can't brute force the
> password as the increasing delays on entering an incorrect password
> prevent this.  So, if the password is sensibly secure, I see no major
> security problem.
>
> Unauthorised access to my desktop machine is far more likely to be due
> to overlooking some obvious 'design' fault than to someone breaking my
> password IMHO.
>
> Thoughts anyone, am I missing anything obvious (quite likely!)?

I think your threat model here is someone entering commands on a
computer that you’ve temporarily left unattended. If so then the thing
you’ve missed is that the attacker can install a keylogger and capture
your password next time you use it.

That threat applies to password-protected keys as well, of course; at
best it may take a little longer since you may type that passphrase less
often.

--
https://www.greenend.org.uk/rjk/


Subject: Re: Thoughts on Public Key versus Password authentication
From: Chris Green
Newsgroups: comp.security.ssh
Date: Thu, 17 Sep 2020 15:04 UTC
Richard Kettlewell <invalid@invalid.invalid> wrote:
> Chris Green <cl@isbd.net> writes:
>> All these recent questions about connecting from a laptop to a home
>> (desktop) machine bring me back to my original reasons for using
>> password authentication rather than Public Key authentication.
>>
>> My original (and still valid) reasoning was as follows:-
>>
>> Password authentication will *always* ask for the password, there's no
>> equivalent of a key agent.  So, if I leave my laptop lying around and
>> turned on (I often do), as long as I log out from the connections to
>> the home desktop machine someone else can't access my home desktop
>> unless they know the password.
>>
>> Public Key authentication doesn't (by default, using an agent) provide
>> this security, once the key passphrase has been entered anyone with
>> access to my laptop can connect to my home machine.
>>
>> Yes, there are ways to reduce the risk with Public Key authentication
>> but I don't see any major advantages in the underlying security so
>> what's to be gained.
>>
>> A remote user (i.e. someone at my laptop) can't brute force the
>> password as the increasing delays on entering an incorrect password
>> prevent this.  So, if the password is sensibly secure, I see no major
>> security problem.
>>
>> Unauthorised access to my desktop machine is far more likely to be due
>> to overlooking some obvious 'design' fault than to someone breaking my
>> password IMHO.
>>
>> Thoughts anyone, am I missing anything obvious (quite likely!)?
>
> I think your threat model here is someone entering commands on a
> computer that you’ve temporarily left unattended. If so then the thing
> you’ve missed is that the attacker can install a keylogger and capture
> your password next time you use it.
>
> That threat applies to password-protected keys as well, of course; at
> best it may take a little longer since you may type that passphrase less
> often.

Good point, though it's fairly unlikely isn't it?  The intruder has to
find my computer unattended and happens to have a Linux aware key
logger available (presumably on a stick) and the means to install it.
However I guess people who are likely to have that sort of thing will
also have them on an 'easy to install quickly' medium of some sort.

Thanks for that though, it's in the "missing anything obvious" line of
things!  No matter how secure your password/passphrase is a key-logger
will reveal it.

--
Chris Green


Subject: Re: Thoughts on Public Key versus Password authentication
From: Richard Kettlewell
Newsgroups: comp.security.ssh
Organization: terraraq NNTP server
Date: Thu, 17 Sep 2020 20:44 UTC
Chris Green <cl@isbd.net> writes:
> Richard Kettlewell <invalid@invalid.invalid> wrote:
>> I think your threat model here is someone entering commands on a
>> computer that you’ve temporarily left unattended. If so then the thing
>> you’ve missed is that the attacker can install a keylogger and capture
>> your password next time you use it.
>>
>> That threat applies to password-protected keys as well, of course; at
>> best it may take a little longer since you may type that passphrase less
>> often.
>
> Good point, though it's fairly unlikely isn't it?  The intruder has to
> find my computer unattended and happens to have a Linux aware key
> logger available (presumably on a stick) and the means to install it.
> However I guess people who are likely to have that sort of thing will
> also have them on an 'easy to install quickly' medium of some sort.

It doesn’t need to be any more complex than:
  curl some.url | bash

--
https://www.greenend.org.uk/rjk/


Subject: Re: Thoughts on Public Key versus Password authentication
From: Chris Green
Newsgroups: comp.security.ssh
Date: Fri, 18 Sep 2020 08:14 UTC
Richard Kettlewell <invalid@invalid.invalid> wrote:
> Chris Green <cl@isbd.net> writes:
>> Richard Kettlewell <invalid@invalid.invalid> wrote:
>>> I think your threat model here is someone entering commands on a
>>> computer that you’ve temporarily left unattended. If so then the thing
>>> you’ve missed is that the attacker can install a keylogger and capture
>>> your password next time you use it.
>>>
>>> That threat applies to password-protected keys as well, of course; at
>>> best it may take a little longer since you may type that passphrase less
>>> often.
>>
>> Good point, though it's fairly unlikely isn't it?  The intruder has to
>> find my computer unattended and happens to have a Linux aware key
>> logger available (presumably on a stick) and the means to install it.
>> However I guess people who are likely to have that sort of thing will
>> also have them on an 'easy to install quickly' medium of some sort.
>
> It doesn’t need to be any more complex than:
>   curl some.url | bash

True.  :-)

--
Chris Green


Subject: Re: Thoughts on Public Key versus Password authentication
From: Grant Taylor
Newsgroups: comp.security.ssh
Organization: TNet Consulting
Date: Fri, 18 Sep 2020 15:43 UTC
On 9/17/20 2:44 AM, Chris Green wrote:
> Public Key authentication doesn't (by default, using an agent) provide this security, once the key passphrase has been entered anyone with access to my laptop can connect to my home machine.

I'm not quite sure how to unpack "by default, using an agent".  Are you referring to the agent's default behavior or that you are using an agent by default?

Have you looked at the "-t <seconds>" option to adding keys to the agent?

My understanding is that you can make keys via agent behave as if they only exist in the agent for the specified number of seconds.

This makes me think that if your keys had a passphrase on them and that the number of seconds since added had expired that you would be prompted for the passphrase for the key again.

I think that you might be able to get the ssh agent to behave somewhat like sudo in that it remembers you for a specified amount of time.



--
Grant. . . .
unix || die


Subject: Re: Thoughts on Public Key versus Password authentication
From: Chris Green
Newsgroups: comp.security.ssh
Date: Fri, 18 Sep 2020 17:58 UTC
Grant Taylor <gtaylor@tnetconsulting.net> wrote:
> On 9/17/20 2:44 AM, Chris Green wrote:
>> Public Key authentication doesn't (by default, using an agent) provide
>> this security, once the key passphrase has been entered anyone with
>> access to my laptop can connect to my home machine.
>
> I'm not quite sure how to unpack "by default, using an agent".  Are you
> referring to the agent's default behavior or that you are using an agent
> by default?
>
> Have you looked at the "-t <seconds>" option to adding keys to the agent?
>
> My understanding is that you can make keys via agent behave as if they
> only exist in the agent for the specified number of seconds.
>
> This makes me think that if your keys had a passphrase on them and that
> the number of seconds since added had expired that you would be prompted
> for the passphrase for the key again.
>
> I think that you might be able to get the ssh agent to behave somewhat
> like sudo in that it remembers you for a specified amount of time.

Yes, you can do that, but it only gets you back to the same place as
password authentication gets you to by default.

--
Chris Green


Subject: Re: Thoughts on Public Key versus Password authentication
From: Grant Taylor
Newsgroups: comp.security.ssh
Organization: TNet Consulting
Date: Fri, 18 Sep 2020 20:35 UTC
On 9/18/20 11:58 AM, Chris Green wrote:
> Yes, you can do that, but it only gets you back to the same place as password authentication gets you to by default.

It's not quite the same place.

You can use the key for multiple connections for the key's lifetime.

So if you set the lifetime to be 15 seconds, then any background use, e.g. ProxyJump, will benefit from it.



--
Grant. . . .
unix || die
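
[Added example, not part of any poster's message: the `ssh-add -t <seconds>` behaviour discussed in Grant Taylor's two posts above, shown against a private throwaway agent. The key, its `demo-key` comment, the empty passphrase and the function name `agent_lifetime_demo` are constructed for the demo; it assumes the OpenSSH client tools are on PATH.]

```shell
#!/bin/sh
# Added illustration of "ssh-add -t": a key loaded with a lifetime can serve
# any number of connections until it expires, then the agent drops it and the
# passphrase is needed again to reload it.

# The body is a subshell "( ... )" so the caller's own agent variables
# (SSH_AUTH_SOCK / SSH_AGENT_PID) are never modified.
agent_lifetime_demo() (
    # Never touch the user's real agent from inside the demo.
    unset SSH_AUTH_SOCK SSH_AGENT_PID

    life=${1:-2}                        # key lifetime in seconds
    dir=$(mktemp -d) || exit 1

    # Constructed throwaway key. The empty passphrase is only so the demo is
    # non-interactive; a real key would carry one.
    ssh-keygen -q -t ed25519 -N '' -C demo-key -f "$dir/id_demo" \
        || { rm -rf "$dir"; exit 1; }

    # Private agent on its own socket.
    eval "$(ssh-agent -s -a "$dir/agent.sock")" >/dev/null

    # Load the key with a lifetime, as suggested in the thread.
    ssh-add -t "$life" "$dir/id_demo" 2>/dev/null

    # While the lifetime runs, the agent lists (and would sign with) the key.
    before=$(ssh-add -l 2>/dev/null | grep -c demo-key || true)

    # After expiry the agent has forgotten it.
    sleep $((life + 2))
    after=$(ssh-add -l 2>/dev/null | grep -c demo-key || true)

    ssh-agent -k >/dev/null 2>&1        # stop the private agent
    rm -rf "$dir"
    echo "before=$before after=$after"
)

# Usage: agent_lifetime_demo 2    # prints: before=1 after=0
```

With a real, passphrase-protected key the same option prompts once, e.g. `ssh-add -t 900 ~/.ssh/id_ed25519`, and the agent forgets the key 15 minutes later.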


Subject: Re: Thoughts on Public Key versus Password authentication
From: Chris Green
Newsgroups: comp.security.ssh
Date: Sat, 19 Sep 2020 09:23 UTC
Grant Taylor <gtaylor@tnetconsulting.net> wrote:
> On 9/18/20 11:58 AM, Chris Green wrote:
>> Yes, you can do that, but it only gets you back to the same place as
>> password authentication gets you to by default.
>
> It's not quite the same place.
>
> You can use the key for multiple connections for the key's lifetime.
>
> So if you set the lifetime to be 15 seconds, then any background use,
> e.g. ProxyJump, will benefit from it.

Yes, but that effectively reduces security still - when I used password
authentication the proxy machine had a different password so an
intruder had to know two passwords.

I could, of course, implement the same with Public Key but that
removes the 'advantage' you offer above. :-)

--
Chris Green