[conspire] Machine rebuild happened on Feb. 1

Rick Moen rick at linuxmafia.com
Tue Feb 22 15:12:40 PST 2005 

Returning to an aging thread (and posting from the newsgroup side).

Daniel Gimpelevich <daniel at gimpelevich.san-francisco.ca.us> wrote:
> On Wed, 09 Feb 2005 12:44:37 -0800, Rick Moen wrote:
 
>> Well, if you have reason to trust your DNS and intervening routers, yes.
>> ;->
> 
> Who can really trust intervening routers? It is after all, the Internet.
> As for DNS, I (maybe too hastily?) trust my ability to recognize your IP
> address when I see it.

The point of my smiley is that, indeed, you really shouldn't trust
intervening routers and other people's DNS, if you can avoid it.

As my friend Jim Dennis likes to say "Key management is HARD."
Practically everyone who uses ssh across the Internet has encountered
the situation where you either (1) get an SSH prompt saying that the
remote system's host key hasn't been encountered before (e.g., when you
connect for the first time), or (2) get an SSH prompt saying that the
remote key has _changed_, and suggesting you should worry that something
evil is being attempted.

Practically everyone blithely proceeds and says "Sure, accept the
new/changed key", in part because you're feeling lucky (or at least not
significant enough to attack), and in part because you see little
alternative.

But there _is_ a (partial) alternative:  I carry around on a USB
keychain drive a copy of my .~/ssh/known_hosts file, plus a set of my
personal crypto keys -- plus, for good measure, a copy of
linuxmafia.com's public host key.  The point?  This means I never just
have to whistle in the dark and trust that I'm going to be lucky the
first time I connect home (or other known locations) from any machine's
shell prompt -- and that I can be well and truly paranoid if the remote
system's host key suddenly _does_ "change".  (Did it change because the 
sysadmin had reason to generate a new one?  If so, why?  Or perhaps 
am I being trapped into a man-in-the-middle attack, and the remote host
isn't really genuine at all?)

>>> A little while later, I tried
>>> temporarily moving the known_hosts file so that I could try to log in and
>>> found that my password had been reset, and I don't know the new one.
>> 
>> Password authentication is now no longer accepted.  See the system news
>> bulletin:  http://linuxmafia.com/news.html

In partial explanation:  We're rapidly approaching the situation where
(unsupplemented) password authentication is obsolete for general-purpose
remote access -- because technical resources available for brute-force
attacks keep improving, while the human mind's capacity for remembering
passwords remains pitifully small.

> I do have a GPG key on the MIT keyservers, but I've never bothered to get
> it signed.

Next time you're at my house, testify to its hash value, and I'll sign
it.  (You should also consider attending keysigning events.)

-- 
Cheers,                                      Hardware:  The part you kick.
Rick Moen                                    Software:  The part you boot.
rick at linuxmafia.com

More information about the conspire mailing list