SSH "security" (was Re: cvs-nserver and latest CVS advisory)

[Eivind Eklund]

On Wed, Aug 09, 2000 at 10:53:10AM -0400, Greg A. Woods wrote:
> (Mind you -- I cannot say the above without also stressing the risks of
> something like SSH are not zero -- the server must still trust the
> physical hardware and the operating system within the client since SSH
> can easily be used covertly by a virus or worm!  This means that SSH
> users on both ends of the connection must continually secure their
> systems and provide reasonable assurances against such covert use!)

If you use ssh-agent or X11 forwarding: Not just the client - all the
machines that gets logged in to using that key (with forwarding).  Oh, and
if you want to use agent forwarding at all, you have to either use it
everywhere or remember to disable it each time you connect somewhere it
shouldn't be enabled - there is no enable switch (in the official version(s) -
a lot of us patch it locally.)   And there is no logging of what authentication
your agent does.

I *highly* recommend not using world-accessable authorized_keys files;
restrict them by IP address.  It at least gives you some security from
compromised hosts, and will even make ssh more secure than .rhosts, overall.
X11 forwarding is still a large risk, of course.

Eivind, who becomes less and less of an ssh fan the more he thinks about ssh.