aqua at atlantic.devin.com
Thu Jan 27 11:55:02 PST 2000
On Thu, Jan 27, 2000 at 10:58:05AM -0800, Mitchell Patenaude wrote:
> I think you are missing thie point. What he's proposing to do is
> tunnel POP traffic, but that traffic is only encrypted from his
> computer until it get to bolt, from there to the pop server it's
> just open text, and that pop traffic contains his password. It's
I was referring to the authentication involved in setting up the
tunnel -- password authentication by SSH generally obliges you to either
have ssh attached to a tty (which it wouldn't be when forked, as in the
invokations sofar), or else have ssh-askpass available. AFAIK without one
of those two, ssh won't be able to ask for the password and thus won't be
able to authenticate to open the tunnel.
Using ssh-askpass to inquire about the password would be fine unless
one intended to have fetchmail run automatically or often, in which case
entering the password each time would be an annoyance.
> compromised wheter he uses RSA authentication or not. While I
> think SSH tunneling is a great thing, I think it probably increases
> the vulnerability here, rather than the other way around.
Several reasons for RSA being preferable:
(0) The agent can store one's ssh key, thus eliminating the above
(1) RSA is several orders of magnitude more secure than 8-byte
password authentication in the face of brute-force attack, and largely
immune to "social engineering" considerations generally applied to targeted
(2) A compromised shell server can sniff its own authentication
path, thus compromising passwords sent to it. RSA auth does not have that
problem. RSA auth IS subject to attack if you permit the agent to forward
authentication to a compromised host, hence why agent forwarding is
generally supposed to be disabled except for trustworthy hosts.
(3) Better one compromisable authentication than two.
All that said, you're correct in that since you're going to be doing
cleartext authentication with a shell server on one end, an attacker will
find it easier to sniff outgoing packets to port 110 than to trojan
sshd/pam. The convenience factors of agent-enabled RSA are more significant
than than the augmented security of eliminating the password in this case.
If obtaining actual security along the way is desired, it'd be best
to avoid POP completely. :)
Devin \ aqua(at)devin.com, finger for PGP; http://www.devin.com
Carraway \ IRC: Requiem GCS/CC/L s-:--- !a !tv C++++$ ULB+++$ O+@ P L+++
More information about the talk