2

I'm not asking about password vs key authentication.

I've seen a few times (and even Amazons AWS) says that even if SSH has a major vulnerability that key authentication would make such an exploit less vulnerable. But, what if there is an exploit with how the keys are verified; isn't this just making an assumption based on the authentication mechanisms?

Why is this the thought? Is it because we all know passwords are a poor form of authentication so the assumption has just been "use a private key"?

Improve this question
3
  • 4
    Can you refer us to the source that states this: "....says that even if SSH has a major vulnerability that key authentication would make such an exploit less vulnerable..."? Commented Apr 21, 2014 at 1:29
  • This is not related to Unix and thus should be asked on security.stackexchange.com Commented Apr 21, 2014 at 1:50
  • 1
    @HaukeLaging - it's partially related to U&L since SSH is a vital component of logging into remote Unix systems. Commented Apr 21, 2014 at 1:56

2 Answers 2

Reset to default
8

I think what you're referring to is what's called the challenge-response model. With this approach the key pairs are never exposed in a manner that they could be sniffed off the wire, as is the case with sending a password over the line. And so it's deemed much safer because of this fact.

One of the answers to this security SE Q&A titled: Is using a public-key for logging in to SSH any better than saving a password? explains the advantages of using a public/private key pair.

excerpt

In the public key case, we have a very different situation. In this case, the server has the public key of the user stored. What happens next is that the server creates a random value (nonce), encrypts it with the public key and sends it to the user. If the user is who is supposed to be, he can decrypt the challenge and send it back to the server, who then confirms the identity of the user. It is the classic challenge-response model.

So given the manner in which the key pairs are used by sending a NONCE, they're never truly being exposed to being known by a man in the middle, and only the public side of the key is out in the open.

If you're truly suspicious you can abandon use of this key pair, and simply regenerate a brand new set.

What's a NONCE?

excerpt

In security engineering, a nonce is an arbitrary number used only once in a cryptographic communication. It is similar in spirit to a nonce word, hence the name. It is often a random or pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused in replay attacks. For instance, nonces are used in HTTP digest access authentication to calculate an MD5 digest of the password. The nonces are different each time the 401 authentication challenge response code is presented, thus making replay attacks virtually impossible.

References

Improve this answer
2
  • Challenge-response authentication is not the same as public-key authentication. In SSH, most password based authentication actually uses challenge-response. The challenge is usually "what is your password?", and the response would be the user providing their password. This answer has a good explanation on the subject. Commented Apr 21, 2014 at 2:59
  • 1
    @Patrick - I meant there is a challenge response b/w the client & server wrt the NONCE. That SU Q&A isn't very good IMO. Commented Apr 21, 2014 at 3:29
2

Yes, there could be a vulnerability in the public-key authentication mechanism of SSH. But there could also be a vulnerability in the password or challenge-response authentication mechanism. So basically on that factor alone, both authentication methods are considered equal.

Benefits of public-key authentication

The private key is never sent over the wire. The server has the public key, and it encrypts some random data with that public key. This data can only be decrypted with the private key. The encrypted data is then sent to the client which decrypts it and sends it back to the server.

It is also impossible to brute force decrypt that data. The client only gets one try to decrypt it. If it gets it wrong, it has to start over with newly encrypted data. Then there's also a time limit, where if the client only has a few seconds to respond.

Downsides of public-key authentication

SSH private keys can be protected with a password, and for security, it is recommended to do so. But it is not required.
So if client system doesn't have the private key password protected, and someone gets physical access to the system, or a copy of that key, then they get access to the remote system.

Downsides of agent key forwarding

It is possible, and common, for the client system to use a 'key agent' for storing the SSH private key. When the ssh client needs to do something with that private key, it sends the request to the key agent.
It is also possible, and common, to forward access to this key agent over the SSH connection, so that you can use the local SSH key on the remote system (if you wanted to ssh to another box for example).

The downside to this is that if the remote system is compromised, or someone else has root access, they can use your ssh key while you are connected to that system.

With key forwarding, the SSH daemon puts a named socket on the remote system which is used to communicate with the SSH key agent. This socket is protected by basic filesystem permissions so that only your user can access it. However since root can do whatever it wants, and filesystem permissions have no meaning to it, the root user can access that socket and use your private key.

Note that this doesn't mean they get your private key, only that they can use it. The SSH key agent never sends the key itself, it only responds to the 'decrypt this data' request needed for public key authentication.

Improve this answer

You must log in to answer this question.