CAcert System Admins discussion list

[Mendel Mobach <extern AT leercoden.nl>]

On Mar 27, 2009, at 11:56 PM, Philipp Guehring wrote:

> Hi,
>
>
> > Why not? Is there something against key logins?
> Yes, key logins have several systemic threats. E.g. the Debian OpenSSL
> RNG problem, where you could suddenly login as root to any SSH server
> that had a vulnerable key and do remote code execution.

first of all: no remote root logins to such a box, that's part 1.
part 2 would be: limited to specific IP address (ranges).
and in case a problem like this I would suggest turning off ssh  
completely
for the time being.

> So key logins should not be the only method available, we might have  
> to
> turn off key logins in case of emergency.

True, the system does need an password, but we don't need to use it
in normal operations.

> > If there is a good reason
> > we should disable key logins completely.
> No, it's just system threats, not epic fails.

Oke.

> I don't see how ssh-agent prevents password sniffing from compromised
> machines.
> If the whole system is compromised, then both ssh client and ssh-agent
> are compromised, or?

If a client system is compromised: yes. If the server would be (somehow)
compromised or even man-in-the-middle attacked  a password can be
sniffed. A private key can't if you use ssh-agent.

> > It's about the advantages. vserver still doesn't support ipv6 and
> > I don't see it coming in the coming years in debian stable (which is
> > what we run at the moment).
> (I am currently starting to question myself whether ipv6 will be  
> coming
> in the next few years at all.)

It will be there eventually and yes it's a chick-and-egg problem.

Kind Regards,

Mendel Mobach