Secure Remote Access.

Gentoo Forums, Networking & Security

Post by taviso » Thu Nov 06, 2003 12:40 am

Okay, how often do you ssh into your machines from work or school?

What about using ssh from public internet access points at libraries or cafés?

Most people realise that using telnet isn't a great idea when trying to connect two untrusted machines over an insecure network, so they use ssh to protect the communication channel between the two hosts, but what about the communication channel between user and host?

Did you audit and compile that ssh client at work yourself? Are you sure the guys from IT haven't installed some key logging software, or tampered with your keyboard? You can't be certain someone isn't harvesting passwords before ssh even has a chance to do its stuff.

There is a solution to this: OTP (one time password) authentication. The idea with OTP authentication is this: when you are using a trusted communication channel (sitting at your own machine, or logged in over ssh from a secure system) you generate yourself a list of single-use passwords, for use when you are using an untrusted machine. Once you have used an OTP it is immediately void; it can never be used again, so if someone were to steal it, it would be completely useless.

If you were to log in using someone's trojaned ssh client, OTP can help minimise the damage: although someone may still be able to see your session (probably not that much use), they will not be able to compromise your account.

As far as I am aware, Gentoo is the only Linux distribution that officially supports S/Key authentication, which is utilised by some of the BSDs. Here is a brief introduction to using S/Key OTP authentication on Gentoo:

First, you must install openssh with S/Key support by setting the skey USE flag (please use the version from ~x86 if possible; I'd like to get some updates marked stable and would appreciate any testing!)

```
# emerge -pv openssh

These are the packages that I would merge, in order:

Calculating dependencies ...done!
[ebuild   R   ] net-misc/openssh-3.7.1_p2-r1  -ipv6 -static -pam -tcpd -kerberos +skey -selinux -X509
```

Now add your user to the S/Key system:

```
$ skeyinit
Password:
[Adding taviso]
Reminder - Only use this method if you are directly connected
or have an encrypted channel.  If you are using telnet
or rlogin, exit with no password and use skeyinit -s.

Enter secret password:
Again secret password:

ID taviso skey is otp-md4 99 inso77154
Next login password: RAP MEMO DOOR MAYO NILE TO
```

skeyinit displays your first S/Key password, but if you're going away for a few days you might need a few more passwords to print out and take with you (remember, you need one per login).

This is how to generate 5 passwords; you can get the challenge needed to generate your S/Keys using the skeyinfo program.

```
$ skeyinfo
Your next otp-md4 98 inso77154
$ skey -n5 98 inso77154
Reminder - Do not use this program while logged in via telnet or rlogin.
Enter secret password:
 94: SEAR BARE IFFY OUTS LACE OHIO
 95: GATE SOY TOW YES BULB JIVE
 96: ANY JURY ERIC HARK LINE CAME
 97: REAR HEWN SHIN YARN DINT GREW
 98: BRAD PEA AMRA EDNA NAIL LION
```

Logging in using S/Key is simple; here's an example session:

```
$ ssh insomniac
otp-md4 98 inso77154
S/Key Password:
Last login: Wed Nov  5 21:07:06 2003 from amnesiac
```

The challenge is asking for password number 98; no other password will work. As soon as I've entered password 98 and it has been accepted, it will never be requested again and will no longer be useful.

S/Key is a cool way of using ssh from insecure or untrusted machines; if that's something you do regularly, give it a try :)

You can let us know about any problems via http://bugs.gentoo.org/

Most ssh clients, including PuTTY, OpenSSH and ssh.com, support S/Key passwords.
--------------------------------------
Gentoo on Alpha, is your penguin 64bit?
--------------------------------------------------------
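The hash chain behind the challenge/response in the session above, as an added example that is not part of the original post or of the skey package. It implements the RFC 2289 algorithm S/Key uses, but as the otp-md5 variant rather than the thread's otp-md4, because Python's hashlib ships MD5 everywhere while MD4 needs OpenSSL's legacy provider; the folding, chaining, hex form and verification rule are the same, only the hash function differs. The pass phrase "This is a test." and seed "TeSt" are the RFC 2289 test-vector inputs, and the SkeyHost class is a constructed model of what skeyinit stores and what sshd checks, not their code. It shows why the host needs only the last accepted password and never the secret, why a password captured by a keylogger cannot be replayed, and why the first challenge after skeyinit asks for number 98 although skeyinit printed number 99 as the "next login password": the host keeps number 99 and hashes each submitted answer once to compare against it, so the answer it can check is number 98.

```python
import hashlib


def fold(digest: bytes) -> bytes:
    """RFC 2289 fold: XOR the high 8 bytes of a 16-byte digest into the low 8."""
    return bytes(a ^ b for a, b in zip(digest[:8], digest[8:16]))


def step(x: bytes) -> bytes:
    """One link of the chain: hash the previous 8-byte value, fold to 8 bytes."""
    return fold(hashlib.md5(x).digest())


def otp(secret: str, seed: str, n: int) -> bytes:
    """One-time password number n for this secret/seed pair.

    The seed is case-insensitive and is lowercased before use; the secret is
    used exactly as typed.  otp_n is the initial hash of seed+secret pushed
    through `step` n times, so otp_{n-1} can be checked by anyone holding
    otp_n, but otp_{n-1} cannot be derived from otp_n.
    """
    x = fold(hashlib.md5((seed.lower() + secret).encode()).digest())
    for _ in range(n):
        x = step(x)
    return x


def to_hex(x: bytes) -> str:
    """Hex form of a one-time password (what skey -x prints); the six-word
    form is the same 64 bits plus 2 parity bits split into six 11-bit
    indexes into the RFC 2289 word list, which is left out here."""
    return x.hex().upper()


class SkeyHost:
    """Constructed model of the verifier side.  It stores only the sequence
    number and the last accepted password (what skeyinit writes), never
    the secret."""

    def __init__(self, seed: str, n: int, last: bytes):
        self.seed, self.n, self.last = seed, n, last

    def challenge(self) -> str:
        # what sshd prints before the "S/Key Password:" prompt
        return f"otp-md5 {self.n - 1} {self.seed}"

    def verify(self, candidate: bytes) -> bool:
        """Accept otp_{n-1} iff step(otp_{n-1}) == stored otp_n, then advance."""
        if step(candidate) != self.last:
            return False
        self.n, self.last = self.n - 1, candidate   # this password is now spent
        return True


def demo():
    """Replay the session from the post with constructed credentials."""
    secret, seed = "This is a test.", "TeSt"        # RFC 2289 test pass phrase and seed
    host = SkeyHost(seed, 99, otp(secret, seed, 99))  # what skeyinit stores
    pw98 = otp(secret, seed, 98)                      # what `skey 98 <seed>` prints
    first = host.verify(pw98)              # accepted
    replay = host.verify(pw98)             # rejected: host now holds otp_98
    following = host.verify(otp(secret, seed, 97))    # next one in the list works
    return first, replay, following, host.challenge()


if __name__ == "__main__":
    for n in (0, 1, 99):
        print(n, to_hex(otp("This is a test.", "TeSt", n)))
    print(demo())
```

Run with no arguments it prints the hex form of passwords 0, 1 and 99 for the RFC pass phrase, then the accept/replay/accept outcome of the three simulated logins. Note that the secret password entered at skeyinit and skey is still a conventional secret: anyone who captures it on an untrusted machine can regenerate the whole list, which is why both tools warn against typing it over telnet.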
Post by dma » Thu Nov 06, 2003 3:17 am

I take it that I should use the ~x86 version of app-admin/skey (skey-1.1.5-r1) as well? The changelog makes it look like a good idea...

This will be helpful... I don't trust our lab admins at all (they run VNC servers on our WinXP boxes for instance...).

EDIT: Not working at all here. sshd is linked to libskey, but I can't get it to do anything skey-related.

I'd probably have to see the entries in /etc/ssh/sshd_config and ~/.ssh/config.
Post by taviso » Thu Nov 06, 2003 9:22 am

dma wrote:
> EDIT: Not working at all here. sshd is linked to libskey, but I can't get it to do anything skey-related.
>
> I'd probably have to see the entries in /etc/ssh/sshd_config and ~/.ssh/config.

Do you have the pam USE flag set?

Does it work if you add

```
UsePAM yes
```

to your /etc/ssh/sshd_config?
flag

Post by bryon » Thu Nov 06, 2003 7:56 pm

This is probably a stupid question, but I looked through /usr/portage/profiles/use.desc and did not see a skey USE flag.

What if I am connecting from a trusted machine: can I use my regular password, or am I only allowed to use a skey one?
Re: flag

Post by taviso » Thu Nov 06, 2003 8:15 pm

bryon wrote:
> This is probably a stupid question, but I looked through /usr/portage/profiles/use.desc and did not see a skey USE flag.

It's a local USE flag; take a look in /usr/portage/profiles/use.local.desc

```
$ grep skey /usr/portage/profiles/use.local.desc
net-misc/openssh:skey - Enable S/Key (Single use password) authentication support
```

bryon wrote:
> What if I am connecting from a trusted machine: can I use my regular password, or am I only allowed to use a skey one?

Yep, you can set up as many authentication mechanisms as you like. For example, the default ssh behaviour is to cycle through hostbased, publickey, keyboard-interactive, password until one works; you can configure this to use a different order, not to use some, or to use them all. Take a look at the PreferredAuthentications option in the ssh_config man page.

btw, S/Key passwords count as a keyboard-interactive (challenge response) authentication system.
Post by Senso » Mon Nov 10, 2003 12:29 am

taviso wrote:
> dma wrote:
> > EDIT: Not working at all here. sshd is linked to libskey, but I can't get it to do anything skey-related.
> >
> > I'd probably have to see the entries in /etc/ssh/sshd_config and ~/.ssh/config.
>
> Do you have the pam USE flag set?
>
> Does it work if you add
>
> ```
> UsePAM yes
> ```
>
> to your /etc/ssh/sshd_config?

I've got UsePAM yes; everything works nicely, but I can't seem to figure out how to make skey work with sshd.
still trying to get it to work

Post by bryon » Sun Nov 23, 2003 7:36 pm

I have added skey to the /etc/make.conf USE settings, and then I recompiled openssh and then installed skey.

But for some reason it does not ask me for the skey. How do I tell it to ask for my skey?
Re: Secure Remote Access.

Post by sschlueter » Sun Nov 23, 2003 10:30 pm

taviso wrote:
> If you were to log in using someone's trojaned ssh client, OTP can help minimise the damage: although someone may still be able to see your session (probably not that much use), they will not be able to compromise your account.

I think you are spreading a false sense of security here. When the ssh client is trojaned, it can not only watch the session but also insert custom commands. The user's account can easily be compromised this way.
Post by funkmankey » Sun Nov 23, 2003 11:36 pm

hrm, is it possible to make sshd use one form of auth for WAN (e.g. skey) and one for LAN (e.g. RSA pubkey)?

...or would it be necessary to bind a separate instance of sshd to each particular IF?
I've got the brain, I'm insane, you can't stop the power
super secure

Post by bryon » Sun Nov 30, 2003 3:35 am

I do not see how binding openssh to ethX would help at all, since they would be reading from the same password. From looking at the sshd config it does not look like you can bind an instance of sshd to ethX, but you could bind it to only listen on a certain IP. But then you would have to figure out how to make each of them read from a different passwd file.

I am also still looking for an answer to my previous question.
The question was: I have emerged skey, then I put the USE flag skey into /etc/make.conf. Then I remerged openssh. But I still only get the prompt for the regular password. What do I have to do to make it ask for my skey password?
Re: super secure

Post by taviso » Sun Nov 30, 2003 12:34 pm

bryon wrote:
> I have emerged skey, then I put the USE flag skey into /etc/make.conf. Then I remerged openssh. But I still only get the prompt for the regular password. What do I have to do to make it ask for my skey password?

Do you have the pam USE flag set? If you do, enable pam in your /etc/ssh/sshd_config, as in the post above.

If you haven't, have you set up skey logins for the user you're trying to log in as? (i.e. skeyinit)

Try logging in with `ssh -v`; do you get a line like

```
debug1: Authentications that can continue: publickey,password,keyboard-interactive
```

For example, here's the output from mine when I remove my ssh-key from my ssh-agent:

```
$ ssh -v phobiac
OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.7c 30 Sep 2003
debug1: Reading configuration data /home/taviso/.ssh/config
debug1: Applying options for *
debug1: Applying options for phobiac
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to phobiac [192.168.0.3] port 22.
debug1: Connection established.
debug1: identity file /home/taviso/.ssh/id_rsa type -1
debug1: identity file /home/taviso/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.7.1p2
debug1: match: OpenSSH_3.7.1p2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.7.1p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client blowfish-cbc hmac-md5 zlib
debug1: kex: client->server blowfish-cbc hmac-md5 zlib
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'phobiac' is known and matches the RSA host key.
debug1: Found key in /home/taviso/.ssh/known_hosts:14
debug1: ssh_rsa_verify: signature correct
debug1: Enabling compression at level 6.
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/taviso/.ssh/id_rsa
debug1: Offering public key: /home/taviso/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 434
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/home/taviso/.ssh/id_dsa':
debug1: Next authentication method: keyboard-interactive
otp-md4 48 phob99910
S/Key Password:
```
Post by m33sb3w » Sat Dec 06, 2003 1:01 am

Hmm...I have a question and I can't seem to find any documentation for skey that answers it...

When you first type skeyinit as a normal user it asks for a password. What password is that? I've tried the password for my normal user account, the root password, leaving it blank. Nothing works. It just tells me the password is incorrect and that's it. Anyone know what's going on?
Post by taviso » Sat Dec 06, 2003 3:45 pm

m33sb3w wrote:
> When you first type skeyinit as a normal user it asks for a password. What password is that?

The first password skeyinit asks for is your login password; then it will ask you to make a new secret password that you will need to generate new OTPs.

```
$ skeyinit
Password: yourloginpassword
[Updating taviso]
Old key: [md4] inso843904
Reminder - Only use this method if you are directly connected
or have an encrypted channel.  If you are using telnet
or rlogin, exit with no password and use skeyinit -s.

Enter secret password: passwordforgeneratingskeys
```
Post by Auka » Sun Dec 07, 2003 2:45 pm

Just in case someone is interested: a former colleague of mine wrote a tool called Mobile OTP which can be used for OTP authentication using Java-enabled cellular phones. Quite nifty... ;-)
Post by m33sb3w » Sun Dec 07, 2003 5:07 pm

taviso wrote:
> The first password skeyinit asks for is your login password; then it will ask you to make a new secret password that you will need to generate new OTPs.

I hate to be a bother, but something's just not working. I've made certain I'm not making any stupid mistakes like caps lock on or anything. skeyinit just won't accept my password. It just kicks me out and says "Incorrect password".

Could this be an issue with pam and the 2.6-test kernels? I recall having the same trouble with xlock. My normal user or root passwords weren't recognized. The new version of pam fixed that, though, so I'm not sure if that's what's going on here.

Relevant information:
2.6-test5-mm1
pam 0.77
openssh 3.7.1_p2
skey 1.1.5
shadow 4.0.3-r6
Post by taviso » Wed Dec 10, 2003 10:17 am

m33sb3w wrote:
> I hate to be a bother, but something's just not working. I've made certain I'm not making any stupid mistakes like caps lock on or anything. skeyinit just won't accept my password.

I think I know what's going on; please sync and try the latest skey and openssh, which I hope fixes this.
Post by m33sb3w » Wed Dec 10, 2003 7:08 pm

taviso wrote:
> I think I know what's going on; please sync and try the latest skey and openssh, which I hope fixes this.

I did indeed fix it! Thank you very much for your help.
Post by m33sb3w » Wed Dec 10, 2003 9:39 pm

Well, now that skey is working and generating passwords, I'm trying to get sshd to ask for the OTPs when I log in. However, it would seem I'm having the same trouble as Senso and bryon. Here is what

```
ssh -v my-computer -l eric
```

says (I've changed or deleted names and IPs):

```
OpenSSH_2.5.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
debug: Reading configuration data /usr/local/etc/ssh_config
debug: ssh_connect: getuid 1079 geteuid 0 anon 0
debug: Connecting to my-computer [xxx.xxx.xxx.xxx] port 22.
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Allocated local port 611.
debug: Connection established.
debug: identity file /users/xxxxxxx/.ssh/identity-astro2 type 3
debug: identity file /users/xxxxxxx/.ssh/id_dsa-astro2 type 3
debug: identity file /users/xxxxxxx/.ssh/id_rsa1-astro2 type 3
debug: identity file /users/xxxxxxx/.ssh/id_rsa2-astro2 type 3
debug: Remote protocol version 1.99, remote software version OpenSSH_3.7.1p2
debug: match: OpenSSH_3.7.1p2 pat ^OpenSSH
debug: Local version string SSH-1.5-OpenSSH_2.5.1p2
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
debug: Host 'my-computer' is known and matches the RSA1 host key.
debug: Found key in /users/xxxxxxx/.ssh/known_hosts:1
debug: Seeded RNG with 34 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: Doing password authentication.
```
Here is my sshd_config:

```
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

LoginGraceTime 60
PermitRootLogin no
#StrictModes yes
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication no
#PermitEmptyPasswords no

# Change to no to disable s/key passwords

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCreds yes

# Set this to 'yes' to enable PAM authentication (via challenge-response)
# and session processing. Depending on your PAM configuration, this may
# bypass the setting of 'PasswordAuthentication'
UsePAM yes

#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem       sftp    /usr/lib/misc/sftp-server
```
And my ssh_config:

```
# Host *
#   ForwardAgent no
#   ForwardX11 no
#   RhostsAuthentication no
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   BatchMode no
#   CheckHostIP yes
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   Port 22
#   Protocol 2,1
#   Cipher 3des
#   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes25$
#   EscapeChar ~

PreferredAuthentications "keyboard-interactive,hostbased,publickey,password"
```

ssh works now, with these settings. However, I have the feeling I may be missing something. I'd really appreciate any help you can give whenever you get the chance.

Eric
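A check of what the sshd_config pasted above actually makes sshd do, as an added example that is not code from the thread or from OpenSSH. Two things in that transcript are worth separating. On the client side, the session negotiated protocol 1 ("Local version string SSH-1.5", then "Doing password authentication"), and keyboard-interactive, the method through which S/Key is offered, only exists in SSH protocol 2. On the server side, the PasswordAuthentication no line is commented out, and a '#' line sets nothing, so the effective value is still the default. The script reads a config the way sshd does (comments ignored, first occurrence of a keyword wins) and reports the gaps against the goal in this thread, an S/Key prompt and nothing else. The values in ASSUMED_DEFAULTS and the three sample configs are constructed assumptions modelled on the post, not readings from a real installation; the UsePAM finding restates the comment in the pasted config that PAM may bypass PasswordAuthentication.

```python
import re

# Assumed defaults for the options this check cares about (OpenSSH 3.7-era
# sshd_config(5)); verify them against the man page of the version installed.
ASSUMED_DEFAULTS = {
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
    "usepam": "no",
}


def parse_sshd_config(text: str) -> dict:
    """Map lowercase keyword -> the first value seen, the way sshd reads the file.

    Lines starting with '#' set nothing, so '#PasswordAuthentication no' is a
    note about the default rather than a setting, and when a keyword appears
    more than once sshd uses the first value and ignores the rest.
    """
    effective = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)   # 'Key value' or 'Key=value'
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().strip('"')
        effective.setdefault(key, value)                 # first occurrence wins
    return effective


def setting(cfg: dict, key: str) -> str:
    """Effective value of one option, falling back to the assumed default."""
    k = key.lower()
    return cfg.get(k, ASSUMED_DEFAULTS[k]).lower()


def audit(text: str) -> list:
    """Findings against the goal in the thread: an S/Key prompt and nothing else."""
    cfg = parse_sshd_config(text)
    password = setting(cfg, "PasswordAuthentication") == "yes"
    challenge = setting(cfg, "ChallengeResponseAuthentication") == "yes"
    pam = setting(cfg, "UsePAM") == "yes"
    findings = []
    if password:
        findings.append("PasswordAuthentication is effectively yes: sshd still "
                        "offers the plain 'password' method before S/Key")
    if not challenge:
        findings.append("ChallengeResponseAuthentication is off: the "
                        "keyboard-interactive (S/Key) method is never offered")
    if not password and challenge and pam:
        findings.append("UsePAM yes: PAM may still ask for the login password over "
                        "keyboard-interactive unless sshd's PAM stack is changed")
    return findings


# Constructed samples.  WEAK_CONF keeps the lines that matter from the config
# pasted in the post above; the other two are the corrected form without and
# with PAM.
WEAK_CONF = """
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication no
#PermitEmptyPasswords no
UsePAM yes
X11Forwarding yes
Subsystem       sftp    /usr/lib/misc/sftp-server
"""

SKEY_ONLY_CONF = """
PasswordAuthentication no
ChallengeResponseAuthentication yes
UsePAM no
"""

SKEY_WITH_PAM_CONF = """
PasswordAuthentication no
ChallengeResponseAuthentication yes
UsePAM yes
"""

if __name__ == "__main__":
    for name, conf in (("as pasted", WEAK_CONF),
                       ("skey only", SKEY_ONLY_CONF),
                       ("skey + pam", SKEY_WITH_PAM_CONF)):
        print(name + ":", audit(conf) or ["no findings"])
```

Point it at a real file with `audit(open("/etc/ssh/sshd_config").read())`, and confirm the result from the client side with `ssh -v`, where the "Authentications that can continue:" line shows which methods the server actually offers.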
Post by tdb » Sat Dec 13, 2003 8:01 am

I had the same problems as a few others: skey made keys just fine, but ssh doesn't ask for them. All I got was the standard password prompt. On a whim, I just hit enter without entering anything for the password. The very next prompt was for the skey password. It looks like sshd is asking for the regular password first before going to skey.

Also, let me get this straight:

keyboard_interactive = skey (and not regular password)
password = regular password

right?
Post by m33sb3w » Sun Dec 14, 2003 5:22 pm

tdb wrote:
> I had the same problems as a few others: skey made keys just fine, but ssh doesn't ask for them. All I got was the standard password prompt. On a whim, I just hit enter without entering anything for the password. The very next prompt was for the skey password. It looks like sshd is asking for the regular password first before going to skey.

Hmm, I can't even get mine to do that. Of course it wouldn't solve the problem anyway unless you put the message "If you are trying to get into my computer with my login password, I ask that you please ignore that, hit enter, and be frustrated by the new one-time password system" :D
Post by tdb » Mon Dec 15, 2003 2:34 am

That would be funny, but I have enough legalese on my issue.net.

But let me ask you. Is there a way to get this for local console logins?
Post by m33sb3w » Thu Feb 26, 2004 2:09 pm

I've been fooling around with this issue again recently but I still can't get it to ask for my otp and _only_ my otp, so I thought I'd bump this up, see if there are any new ideas.
Post by melts » Tue Mar 16, 2004 2:42 pm

This is just a bit of extra help explaining things; hope it helps.
Here's what I did:

```
$ su
# nano -w /etc/make.conf
```

Edited USE="skey" (well, added skey to my flags; I already had pam in there), edited ACCEPT_KEYWORDS="~x86", saved and exited.

```
# emerge skey
# emerge openssh
# /etc/init.d/sshd restart
# exit
$ skeyinit
```

Entered my account password when asked, then made up a 10+ character secret password for skey to hash and entered that twice (and you have to remember this password, indeed).

It then gave me

```
ID melts skey is otp-md4 99 oni123456
RIME OUT HIT IQ TAN TREE
```

Then I ran

```
$ skey 98 oni123456
```

and I got asked for that secret password again, and then I got

```
KEG CHEF CALF SHE MOLL HANK
```

Then I logged in to my box again with PuTTY, and when it asked for my username I gave it melts; then at the password: prompt I hit enter, and then got

```
otp-md4 98 oni123456
S/Key Password:
```

I entered the skey one I made (KEG CHEF CALF SHE MOLL HANK) and I was in.

It looks pretty cool; I was just confused as to why it didn't ask me for the 99 one that was created by skeyinit, and I had to figure out what skey wanted to build a key - you need to give it the key number and the key, the HOST123456 bit - but once that, and the fact that I needed to build a key before I could use it, was sorted out, it worked fine :)
=== === === === === ===
doh
=== === === === === ===
Post by m33sb3w » Tue Mar 16, 2004 4:23 pm

melts wrote:
> Then I logged in to my box again with PuTTY, and when it asked for my username I gave it melts; then at the password: prompt I hit enter, and then got
>
> ```
> otp-md4 98 oni123456
> S/Key Password:
> ```
>
> I entered the skey one I made (KEG CHEF CALF SHE MOLL HANK) and I was in.

Still though, that really doesn't solve anything. You said at the 'password:' prompt you hit enter to get the skey password prompt. I don't see how this secures the box any better if there's still the option to enter the normal password to get in.

Does anyone know how to completely disable the normal login password over ssh?
Post by melts » Fri Mar 19, 2004 2:52 am

Hrm, the OTP is more for preventing snooped passwords from being used to access your box, is it not?

I think I understand what you want to use it for, but wouldn't having a list of OTPs always at hand, and remembering to renew them and so on, make normal use impractical?

Also, look at this: the OTP system's word list is 2048 words long and a password is always 6 words long, while a password can have any of the 95 lower and uppercase letters, numbers, punctuation and symbols.
73786976294838206464 = 2048^6
735091890625 = 95^6
5688000922764599609375 = 95^11

Using an 11 letter/symbol password isn't all that hard, and raises the bar by many factors. I don't know how crackable the OTP hashes are, but using just the words, that is a look at security. (Also, I can remember my password in my head, but you'd almost always need a copy of your OTPs written down... I work at a school; writing passwords down just doesn't do it for me.)

If you need to secure your box, make better password rules and longer passwords; that seems more reasonable. I personally use OTPs for logins on machines other than my own, and I could see a use as a way of recovering a forgotten password on a user network (create and print out each user's S/Key and tell them to look after it for passwd recovery, etc.), but I don't use it to make my box harder to hack. On top of a defined word list and word count, S/Key provides a key to be combined with the secret to make the password, and although I'm not a crypto expert at all, the idea that any info is supplied that works with generating a password would just seem even less secure... just a thought.

However, i'm looking at kerberos logins with SSH and i would like to change the order in which authentication systems are presented, so if i figure it out i'll post it in my network login thread and here
© 2001–2026 Gentoo Foundation, Inc.