strombrg at dcs.nac.uci.edu
Thu Jan 5 10:23:39 PST 2006
On Thu, 2006-01-05 at 14:14 +0100, Leif Nixon wrote:
> Dan Stromberg <strombrg at dcs.nac.uci.edu> writes:
> > Aside from the fact that IP addresses can be spoofed, if you go pure
> > host-based, then anyone on the host in question can do what they need to
> > do.
> SSH trusted host authentication involves verification of the host key,
> so IP address spoofing isn't enough. I'm not sure what you mean by
> "anyone on the host in question can do what they need to do".
Ah, I hadn't realized that there was a host key that would be used that
Are those host keys used in any way to verify which user is making the
> > If you do go pure host-based auth, and you want to maximize security
> > given that requirement, then you might want to guard that one host very
> > carefully.
> I'm not following you here either. Whether you choose the "give all
> users passphrase-less keys" route or the host-based auth route, you're
> *equally* screwed if a bad guy gets root. He can su to any user and
> ssh away to his delight. (Given a standard NFS setup.)
It's not a choice between "all users have passphraseless keys" and "host
It's a choice between "some users have passphraseless keys", "some users
have keys with passphrases with an ssh-agent", "some users have keys
with passphrases without an ssh-agent", and "some users rely on host
I'm guessing that in the scenarios that use user-specific keys, the host
key will also be checked.
More information about the Beowulf