[Bug 3316] possible bypass of fido 2 devices and ssh-askpass
https://bugzilla.mindrot.org/show_bug.cgi?id=3316

Damien Miller <djm@mindrot.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |djm@mindrot.org

--- Comment #1 from Damien Miller <djm@mindrot.org> ---
First, the root cause is forwarding an agent to an attacker-controlled
destination - the user is effectively delegating use of their keys to
that attacker.

Second, this is not an authentication bypass, since nothing is being
bypassed. The user is becoming confused as to the context of a FIDO
touch request. That makes this more like phishing than anything else.

This attack may be mitigated by setting LogLevel=verbose so ssh(1) will
print a message at the conclusion of authentication:

> [djm@origin ~]$ ssh -oLogLevel=verbose host
> Authenticated to host.example.com ([10.0.0.1]:22).
> $

Fundamentally, forwarding an agent is a risky operation and should be
avoided where possible. This is why we implemented ProxyJump :)

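As an added illustration that is not part of the bug report or of the comment above, here are the two approaches it contrasts written out as ssh_config entries: the agent-forwarding setup (which hands the agent to the intermediate host) beside a ProxyJump setup with LogLevel VERBOSE, which is what makes ssh(1) print the "Authenticated to ..." line after the FIDO touch. The host names bastion.example.com and internal.example.com are placeholders assumed for the example.

```sshconfig
# Risky: the agent socket is forwarded to the intermediate host, so any
# process there (including one run by whoever controls that host) can ask
# the agent for signatures. A FIDO touch prompt shown on the client may
# then be satisfying a request that did not originate from this session.
Host internal-via-forwarding
    HostName internal.example.com
    ForwardAgent yes

# Preferred: ProxyJump tunnels the TCP connection through the bastion
# without exposing the agent to it; authentication to internal.example.com
# happens end to end from the client. LogLevel VERBOSE makes ssh(1) print
# "Authenticated to internal.example.com ([...]:22)." once authentication
# completes, so the user can see which host actually consumed the touch.
Host internal
    HostName internal.example.com
    ProxyJump bastion.example.com
    ForwardAgent no
    LogLevel VERBOSE
```

`ssh -G internal` prints the effective configuration for the host alias, so the resolved `forwardagent`, `proxyjump` and `loglevel` values can be checked without connecting.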
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs