mjg59

mjg59, 22 days ago

Ideally you'd be able to get a prompt saying "evil.com wants your ssh key" and you'd say no, and also if a site says "cats.com wants your ssh key" and then tries to use that to access dogs.com dogs.com would see that the signature was for cats.com, but the protocol doesn't seem to allow this

mjg59, 22 days ago

I unironically love the SSH agent protocol and I have done some terrible things with it at a professional level but I think given what we know now this is now what it would look like if developed again

mjg59, 22 days ago

@azonenberg You're still trusting the remote system to forward to the correct host and for you to notice the key mismatch

mjg59, 22 days ago

@azonenberg (I agree that this is easier)

mjg59, 21 days ago

@jmc someone who has root on the remote server can just fake all of that

mjg59, 22 days ago

For context: when you log into a remote site using an SSH key, the remote site sends a challenge and you sign that challenge with your private key and send the signature back. The remote site verifies that and if it matches the public key that's in authorized_keys, it lets you log in.

mjg59, 22 days ago

If you forward your agent to a remote system, ssh on the remote system can ask your local agent to sign a challenge so you can log into a further remote system. But that also means anyone on the remote system who can impersonate you can also ask your local agent to sign whatever challenges they want, which means they can then log into any systems you have key-based authentication to

mjg59, 22 days ago

So you forward your agent to A so you can log into B. Someone who has root on A can now ask your agent to sign a challenge for any system that you can log into using keys that are in your agent

mjg59, 22 days ago

So eg for the love of god do not enable agent forwarding for github.com because anyone who compromises github.com can then log into any site your keys have access to

mjg59, 22 days ago

@larsmb Fucking Hayes guard time patent

mjg59, 22 days ago

@mrgtwentythree Yeah but it wasn't like that was a naturally inherited thing, someone had to actually make the decision to port that over

mjg59, 22 days ago

@mrgtwentythree They added a GUI for managing inetd services, it's just weird to do that and not think "Huh should this really be on by default"

mjg59, 22 days ago

@flohoff Thankfully I managed to miss SLIP and only had to deal with PPP, but even so the hardware buffer size in the CIAs was really not fit for purpose

mjg59, 22 days ago

@flohoff (I first got online with an A3500, which was the prototype for the A3000T - it's still under my desk, running Amiga Unix, and I'm in the process of writing a full ZZ9000 driver for it)

mjg59, 22 days ago

@tiaz Look as long as I'm the person who gets to make that decision then everything's fine but if we let anyone else do it then everything will just go to shit

mjg59, 22 days ago

@mrgtwentythree Well fuck

mjg59, 22 days ago

@isotopp @larsmb No but I do own https://eicar-test-file.zip

mjg59, 23 days ago

@ross openssl gives similar results on the laptop