OpenSSH 3.5 Released
Dan writes "Markus Friedl announces that OpenSSH 3.5 has just been released with notable updates since 3.4. It will be available from the mirrors listed at http://www.openssh.com/ shortly. Enhancements include bug fixes, improved support for Privilege Separation (Portability, Kerberos, PermitRootLogin handling), RSA blinding in order to avoid timing attacks against the RSA host key and much more. Congratulations are in order for the OpenSSH team's hard work and efforts."
sweet (Score:1, Informative)
Re:sweet (Score:2, Informative)
Re:OpenSSH 3.5 -- (Score:1)
No holes this time.. just minor fixes and upgrades (Score:3, Informative)
Re:No holes this time.. just minor fixes and upgra (Score:1)
Check those MD5s! (Score:5, Informative)
Re:Check those MD5s! (Score:3, Insightful)
MD5 is just a hash... (Score:3, Informative)
You could either GPG sign the MD5 hash of the tarball, or GPG sign the tarball itself to guarantee that the tarball was signed off by the appropriate person.
Re:MD5 is just a hash... (Score:5, Informative)
So, in the end, you're just going to have to trust that *somebody* isn't out to get you, unless you want to run through the source code line-by-line...
Well then... (Score:1)
No solution is perfect, but some additional peace of mind could be provided with not a lot of extra effort.
Re:Well then... (Score:1)
Signed by whom? It would take a people signing each other's keys for him to get into my (relatively small) web of trust. And if he isn't, there is absolutely no reason to trust the sigs. If someone wanted to impersonate Damien Miller, they could just make 10 fake keys and sign Damien's fake key with them. So you just have to trust that this is the right key, in which case you might as well take it on faith that the file isn't trojaned or that the MD5 sum is correct.
I'm not that paranoid, so I don't care. The MD5 matches, as does the sig, which convinces me. I also have a Mac, and Apple hasn't released a native installer for this yet, so I might as well wait and save myself a messy UNIX install (have to download a bunch of libs otherwise), in which time any forgery will be discovered anyway.
Note that a quick search indicates that there are no less than 5 currently active and 3 inactive keys belonging to "Damien Miller" (and there seem to be about 5 different Damien Millers who use PGP) on the keyserver, so there's not much reason to trust that this one is actually him.
Mike
Re:MD5 is just a hash... (Score:2)
Even before this trojan history I was pedantic about avoiding a trojaned version. I downloaded Damien's public key from every mirror and verified they were identical. I have kept this key around since then, so if anybody were to create a fake key for Damien, I would notice.
Re:MD5 is just a hash... (Score:3, Insightful)
>But, on the other hand, Damien Miller's key has no sigs on it, so there's no reason for us to believe that it really belongs to him..
The key has been pretty widely distributed and has been used to sign OpenSSH releases since nearly day 1 (I used a pgp2.6 key for some of the earlier releases IIRC).
If the key were to suddenly change, it would be noticed (note that this is exactly the trust model that sshd host keys use).
I would like to get some signatures on the key, but haven't had much opportunity. Hopefully I'll get off my behind and go to the next Asia-Pacific IETF conference and get some sigs there.
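The trust model described in the two comments above (compare the key copies from every mirror, keep the key, notice a change), as an added shell example that is not part of the original posts. Hashing the key file with SHA-256 stands in for comparing OpenPGP fingerprints; the file names and key contents are constructed.

```shell
#!/bin/sh
# Added example: trust-on-first-use pinning of a release signing key.
# A re-armoured copy of the same key differs byte-for-byte and is flagged,
# which fails safe; comparing OpenPGP fingerprints would avoid that.

digest() {  # print the SHA-256 of file $1
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
    else shasum -a 256 "$1" | cut -d' ' -f1; fi
}

# copies_agree FILE... -> prints the common digest, or returns non-zero if the
# copies fetched from different mirrors are not all identical.
copies_agree() {
    first=
    for f in "$@"; do
        d=$(digest "$f")
        [ -n "$d" ] || return 2                      # unreadable or missing copy
        [ -n "$first" ] || first=$d
        [ "$d" = "$first" ] || { echo "MISMATCH: $f" >&2; return 1; }
    done
    [ -n "$first" ] && printf '%s\n' "$first"
}

# check_pin PINFILE FILE... -> prints pinned | match | CHANGED | MISMATCH
check_pin() {
    pin=$1; shift
    d=$(copies_agree "$@") || { echo MISMATCH; return 1; }
    if [ ! -f "$pin" ]; then
        printf '%s\n' "$d" > "$pin"                  # first use: trust and record
        echo pinned; return 0
    fi
    if [ "$(cat "$pin")" = "$d" ]; then echo match; else echo CHANGED; return 1; fi
}

# Constructed scenario: three mirror copies, a later re-check, one mirror
# serving a different key, then every mirror switching to the new key.
demo() {
    t=$(mktemp -d) || return 1
    for m in mirror1 mirror2 mirror3; do
        echo "constructed key material A" > "$t/$m.asc"
    done
    r1=$(check_pin "$t/pin" "$t"/mirror*.asc)
    r2=$(check_pin "$t/pin" "$t"/mirror*.asc)
    echo "constructed key material B" > "$t/mirror2.asc"
    r3=$(check_pin "$t/pin" "$t"/mirror*.asc || true)
    for m in mirror1 mirror3; do
        echo "constructed key material B" > "$t/$m.asc"
    done
    r4=$(check_pin "$t/pin" "$t"/mirror*.asc || true)
    rm -rf "$t"
    echo "$r1 $r2 $r3 $r4"
}

demo   # prints: pinned match MISMATCH CHANGED
```

The first run is the weak point of this model: whatever key is seen then is the one that gets trusted, which is why the copies from several mirrors are compared before pinning.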
Re:MD5 is just a hash... (Score:2)
I'm smiling because that was the method of security that M$ use(s/d?) for activeX controls. Widely derided as unworkable, and prone to misuse (IIRC, someone got hold of a M$ private key, and they had to revoke it.)
le plus ca change...
GPG Verification (Score:2)
I've got GPG installed, a private/public keypair created for myself, now what?
Re:Check those MD5s! (Score:3, Informative)
MD5 doesn't use public/private keys. It actually doesn't use any keys at all. It just produces a short checksum (a short string such as "aa44cfb..."), that you can compare with another checksum later, in order to tell if anything has changed.
That said, it can still be useful-- for example if you get the MD5 checksums from the "main distribution site" or whatever, and then download the actual files from a mirror. That said, a (PGP|GPG) signature is still better.
Re:Check those MD5s! (Score:1)
Re:Check those MD5s! (Score:5, Funny)
Re:Check those MD5s! (Score:1, Funny)
careful...Quote from site (Score:2, Informative)
At least one major security vulnerability exists in many deployed OpenSSH versions (2.3.1 to 3.3). Please see the ISS advisory, or our own OpenSSH advisory on this topic where simple patches are provided for the pre-authentication problem.
Re:careful...Quote from site (Score:2)
The MD5 checksums for the official and portable tarballs are provided in the announcement here [theaimsgroup.com].
Debian (Score:2, Interesting)
Re:Debian (Score:2, Funny)
Re:Debian (Score:1)
Re:Debian (Score:4, Informative)
Wait a while... (Score:3, Insightful)
Re:Wait a while... (Score:2, Insightful)
I think if you check the MD5/PGP signatures you should be fine.
Re:Wait a while... (Score:4, Insightful)
The S/Key exploit wasn't discovered until about 4 releases later. If a piece of software is exploitable, there's no magic formula that will result in you getting it after all the bugs have been fixed.
It makes some sense for Windows, since everything is secret until a release, and is thrown upon the world in an instant, getting spread far and wide to different environments. So, bugs are found, but still doesn't help in the security department.
Re:Wait a while... (Score:2)
Slow Down (Score:4, Insightful)
Re:Slow Down (Score:1)
Not standard telnet. That much is for sure.
Re:Slow Down (Score:4, Insightful)
Re:Slow Down (Score:2, Interesting)
Re:Slow Down (Score:2, Insightful)
Re:Slow Down (Score:1, Insightful)
On the other hand, its track record is still better than both sendmail and bind. And what else are you going to use? Telnet? VNC? Terminal Server? They all have worse problems.
Re:Slow Down (Score:2)
That's enough to negate any concerns.
Re:Slow Down (Score:5, Insightful)
I've heard this argument before, and I don't think it holds water.
Firstly, do you patch all local privilege escalation vulnerabilities as quickly as you patch remote vulnerabilities? I know I don't.
Even if there are no local vulnerabilities, they can still scan your system for useful information. They can then use your system to attack other systems from behind your firewall. Do you have a local firewall rule that disallows all outbound connections?
We had a presentation from a (proxy) firewall vendor that used a hardened OS. They were very proud that each proxy ran in its own little sand-box. The mail outside mail daemon could only access port 25 on the outside NIC, and could only pass email to the inside daemon via a shared spool directory. Their OS prevented any other access from that process.
Whenever we asked about a specific version of a daemon, they would refer to this sand-boxing and tell us that it wouldn't matter if a particular proxy was hacked out, there was no way the hacker could break through the firewall.
The company I worked for ran one of the largest (top 10, maybe top 5) web sites in our country. There would have been maybe a dozen other websites with similar bandwidth, and maybe the same number of ISPs. We had to sit down and carefully explain to these sales people that even if the hacked proxy could only access one port on the outside NIC of the firewall, it could DOS almost any other site in the country.
They left that presentation with worried looks on their faces, and promised to get back to us with the version numbers we were asking for.
Moral of the story: Any malicious use of your systems is a bad thing. "Privilege Separation" may stop them from rooting the box running OpenSSH, but a malicious hacker could still do a lot of damage.
Re:Slow Down (Score:5, Informative)
>Firstly, do you patch all local privilege escalation vulnerabilities as quickly as you patch remote vulnerabilities? I know I don't.
Please RTFM: An attacker breaking privsep will find themselves in an empty chroot jail with a unique, non-privileged UID & GID. Leveraging such an attack to even read local files would be very difficult.
Your points about a broken privsep being used to stage network-based attacks are valid.
Re:Slow Down (Score:2)
Don't agree with this point exactly... For one thing, many firewalls (I know PF does) have user/group based filtering... So you could block all outbound traffic from the sshd user. Besides that, a chroot can be created that gives the service NO space on the filesystem, meaning they can't even download a DOS tool if you haven't used the aforementioned firewalling method. I personally use quota rules to make sure some services don't have the ability to write anywhere, even if they aren't chrooted.
Re:Slow Down (Score:2)
Besides, what would you use instead? SSH.com's insecure version, which is known to be vulnerable, and doesn't provide priv. sep. at all?
Re:Slow Down (Score:1)
Re:Slow Down (Score:2)
You wouldn't need filesystem space to launch an attack - you can upload code into the compromised process' address space, though getting this right would be tricky.
Re:Slow Down (Score:2)
What does? Spoofing? The privsep user is not root, and therefore does not have the proper permissions needed to stick forged packets directly on the wire.
Not only would it be tricky... It wouldn't allow for long-term situations-it will only be there until the machine is rebooted. That only gives the attacker a very small amount of space to work with, and can be limited even further with login.conf / ulimit rules, giving the user access to only a very small portion of memory, swap, stack, etc.
Re:Slow Down (Score:1)
Re:Slow Down (Score:2)
Care. If you are in the US you are even more vulnerable to this than those of us in countries with a smaller internet presence.
The site I worked for had enough bandwidth available to take a noticeable chunk out of the country's international links. If someone couldn't hack your site, but could hack a large site "close" to you then they could DOS you out of existence. They might not be able to hack you, but they can shut you down. For a home site, maybe you don't care? If you're running a business off the web, it's bad news.
Re:Slow Down (Score:3, Insightful)
embedded ports for OpenSSH (Score:2, Interesting)
Re:embedded ports for OpenSSH (Score:2, Funny)
untar it
type
make
make install
(remember, the order of the commands is important)
My one bugbear (Score:5, Interesting)
Last time I tried to play with SFTP I could not get an external company to have SFTP access without a lot of shell level mucking around to stop them having access to log in via shells or rlogin style features.
And yes I'm lazy, yes I should ask the question in the correct forum and yes I should probably contribute to the project but I am, I couldn't be bothered finding it again and I would be useless to them.
Anyway congratulations and thank you for what is other than my stupid whinge a great product. (Opensource or otherwise)
Re:My one bugbear (Score:3, Informative)
Be aware of the colour scheme on that site though, it's hard on the eyes.
Re:My one bugbear (Score:1)
Stop yer whining and fix the fscking problem, unless you have a better solution.
Re:My one bugbear (Score:4, Informative)
Basically what the script does is clean the environment. The requested command is stored in SSH_ORIGINAL_COMMAND environmental variable. It's checked to make sure it is in fact the command you intend. The options are then checked. Finally the script exec()'s the hardcoded path to the command with arguments supplied.
Although it comes written for scp i've used it for securing an account so they can't log in, and they can only execute one or two commands of my choosing.
from what i understand sftp just exec's /usr/libexec/sftp-server. i don't see why you couldn't alter the script to only allow that command.
also you'll want to make sure the client's ~/.bash_profile, ~/.profile, etc.--all its login scripts--are empty and owned by root so that they don't upload their own "special" login script and undo all your work.
scp-wrapper can be found here [snailbook.com]
Phibz
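A forced-command wrapper of the kind described in the comment above, narrowed to allow only the SFTP server; this is an added example, not the snailbook.com scp-wrapper or any project's code. The install name `sftp-only`, its path, and the assumption that sshd passes the subsystem command in SSH_ORIGINAL_COMMAND are hypothetical and labelled in the comments.

```shell
#!/bin/sh
# Added example: forced-command wrapper that permits the SFTP server only.
# Assumptions (hypothetical, not from the thread): the script is installed as
# /usr/local/libexec/sftp-only and named in authorized_keys, e.g.
#   command="/usr/local/libexec/sftp-only",no-port-forwarding,no-pty ssh-rsa AAAA...
# and sshd hands the requested subsystem command over in SSH_ORIGINAL_COMMAND.

SFTP_SERVER=/usr/libexec/sftp-server    # path as quoted in the thread

# permitted_target REQUEST -> prints the program to exec, or returns 1.
# Exact string match: no arguments, no word splitting, no eval of client input.
permitted_target() {
    case "$1" in
        "$SFTP_SERVER") printf '%s\n' "$SFTP_SERVER" ;;
        *) return 1 ;;
    esac
}

# Body of the forced command: check the request, then exec the hardcoded
# path with a clean environment.
sftp_only_main() {
    target=$(permitted_target "${SSH_ORIGINAL_COMMAND-}") || {
        echo "This account is restricted to SFTP." >&2
        return 1
    }
    # env -i drops everything the client or login scripts may have set.
    exec env -i PATH=/usr/bin:/bin HOME="$HOME" LOGNAME="${LOGNAME-}" "$target"
}

# Self-check over constructed requests: the exact server path, an interactive
# login (empty request), an scp request, and the path with a command appended.
self_check() {
    out=
    for req in "$SFTP_SERVER" "" "scp -t /tmp" "$SFTP_SERVER; /bin/sh"; do
        if permitted_target "$req" >/dev/null; then
            out="$out ALLOW"
        else
            out="$out DENY"
        fi
    done
    printf '%s\n' "${out# }"
}

# Act as the wrapper only when invoked under the installed name;
# otherwise run the self-check, which prints: ALLOW DENY DENY DENY
if [ "${0##*/}" = sftp-only ]; then
    sftp_only_main || exit 1
else
    self_check
fi
```

sshd runs a forced command through the account's login shell, which is why the comment's advice about empty, root-owned startup files still applies with a wrapper like this in place.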
Re:My one bugbear (Score:1, Interesting)
Hah, this is kinda funny... (Score:2, Troll)
Stupid question.. (Score:1)
Re:Stupid question.. (Score:1)
Re:Stupid question.. (Score:5, Informative)
Whenever some story about, say KDE, pops up everyone is like "this is the best thing for Linux since sliced bread". Reality check: not all people who run KDE run it on Linux. I think the BSD people should be entitled to the same "This is what we do for everyone!" type of recognition as everyone else.
Re:Stupid question.. (Score:3, Informative)
>other Unixen?
OpenSSH was written by folks who also work on OpenBSD.
Of course, OpenSSH runs on many different *nix flavours.
Re:Stupid question.. (Score:2)
Very soon after the initial release for OpenBSD.
There's a brief history [openssh.com] of the project on the OpenSSH web site.
But, but.... (Score:1, Funny)
Where is the public key to check the sig? (Score:1, Insightful)
So... any ideas where it might be found?
Re:Where is the public key to check the sig? (Score:2, Informative)
Re:Where is the public key to check the sig? (Score:3, Insightful)
Re:Where is the public key to check the sig? (Score:4, Informative)
http://pgp.mit.edu:11371/pks/lookup?op=get&sear
M
Why I Switched to OpenSSH (Score:5, Funny)
Before I was using F-Secure SSH, and I always had problems with technical things my poor brain can't comprehend. Now I just tar zxvf openssh.tgz;
OpenSSH. It's about more and better.
Wish list item (Score:1)
Re:Wish list item (Score:2, Interesting)
Re:Wish list item (Score:1)
but does it look as cool?
Re:Wish list item (Score:4, Funny)
$ ssh remotehost -c "tail --bytes=\`ls -l | awk '/pr0n.tar.bz2/ { print $5; }' - `ls -l | awk '/pr0n.tar.bz2/ { print $5; }'` | bc\`" > pr0n.tar.bz2
now, you're smart enough to turn this into a shell script, right? there's a reason openbsd doesn't ship with a "watch" script.
note that there is probably an error in that commandline since i never tested it. go ahead, post it.
Re:Wish list item (Score:1)
I tried narrowing it to just the first term where it is getting the remote file's size:
but it returns the whole line:
Apparently gawk-3.1.0 doesn't work the way one expects when one uses it remotely. Maybe you want to try again, because I'm stumped.
Re:Wish list item (Score:2)
Sigh (Score:5, Insightful)
My contention is that there NEVER WAS any software as secure as these people seem to have thought ssh was, and there never will be. It's just too complex a game, and there are people who seem to live on nothing but attacking systems. Given that combination, there will be weaknesses found, as long as humans are a part of the development equation.
The situation has been improperly defined by the assumptions we've apparently made. Don't expect UNCRACKABLE software - that's just silly. What we have seen with openssh/openssl is exactly what we should be seeing - inevitable problems being openly discussed and fixed quickly. What if someone were to put a trojaned MS update onto one of Microsoft's servers? Would we even know for months? This kind of crap happens. It's part of the cost and reality of using computers.
Take the rash of reports of vulnerability as a GOOD thing - it's better to know and fix, than wait for a black hat to find it. Of course we try to code and design to avoid weaknesses, but the reality is that life doesn't work like that, and we need to be ready to handle the problems that crop up. Whether or not this is an indication of a design flaw in ssh doesn't really matter either - that can also be fixed. That's what ongoing development is all about.
So don't diss SSH too much. Constructive discussion only, please. Remember, it's free, it helps, and it's only getting better. If you don't think it's good enough, help them! You can, you know - open source at its best.
Re:Sigh (Score:2)
Agreed. Note also the move towards running fewer services and firewalling so that only ports 22 and 80 are open - and wide open, at that. It is my guess that we wouldn't see so many PHP scripting vulnerabilities on bugtraq if people wrote native applications instead of web-apps for e.g. calendaring, groupware, etc, but using their own custom port#s for the purpose instead of flattening everything onto 80.
I'm not surprised that sort of thing has brought forth a rash of ssh updates.
I'd also like an alternative to openssl and openssh, other than freessh and lsh which aren't all that well developed yet, but time will tell on that front.
Too much change? (Score:2)
Anyways, I think they scanned for OpenSSH because of the recent problems. It seems they release a new version every couple of weeks. There are bound to be bugs. Now, I tend to think that closed-source software probably has more latent bugs and there's just no way to know, but the perception is that constant change means instability and insecurity.
Re:Too much change? (Score:2, Insightful)
Time to update the CV...
Re:Too much change? (Score:1)
Re:Too much change? (Score:3, Interesting)
big corporation sysadmins like to point fingers when something fucks up..otherwise, it's their head.
by sticking to commercial software, corporate sysadmins can keep that shitball rolling, all the way back to the product company.
Re:Too much change? (Score:1)
I really don't expect a warranty from something i get for free, but if i pay for something i would like it to work, and i would like comeback against the provider of the product if problems with it cause me trouble.
Example, a few weeks ago a garage fitted a new fanbelt to my car, but it was the wrong type.. it was somewhat too small, it bent the alternator mountings and quite quickly snapped. With no alternator, the battery quickly got discharged as i was finding a safe place to stop, and i was unable to restart the engine.
The garage towed me for free, replaced the alternator and the belt, and gave me a courtesy car while the work was carried out.. I didn't try to push it and ask for financial compensation, since i wasn't going anywhere especially important at the time..
compatible keys (Score:2)
I shouldn't have to be a guru just to use SSH.
Re:compatible keys (Score:1)
Re:compatible keys (Score:2)
The following "free" clients are recommended for interoperating with OpenSSH from Windows machines:
* PuTTY is an SSH1+SSH2 implementation. PSCP, an scp-style program for Windows, is also available.
PuTTY is available under the MIT licence (BSD-like).
"PuTTY is a free implementation of Telnet and SSH for Win32 platforms, written and maintained primarily by Simon Tatham, who lives in Great Britain."
If you're going to recommend it, then why not right up front, give some pointers on how to get it up and running.
Regards.... S
Re:compatible keys (Score:1)
So-called proactively secure... (Score:1)
For an os and other tools (openssl, openssh) which is supposedly thoroughly security audited, there have been a lot of vulnerabilities found, some even present in NEW code (as opposed to the original code that openssh for instance was based upon)
It sure says a lot about the auditing skills of these people if blackhats have been able to find and exploit so many holes, which their supposed auditing missed.
Re:RSA (Score:1)
Are you misshg some chars there?
Re:RSA (Score:5, Informative)
You again. Excellent troll, but you need to choose a different motif for your nicks.
For the uninitiated: that is not perl. It is line noise with some perl operators, bundled into a cleverly-masked troll. This guy is an old sport at this, previously using the name "PhysicsGenius". Check his (short) user history [slashdot.org], and this guy's [slashdot.org] posting history. I simply cannot believe that moderators would be so idiotic as to mod this stuff up, so my conjecture is that he has two accounts: one to troll, and another serious account with mod points. It may be interesting to correlate average time between mod points to his posting history.
Relevant anecdote: the original OpenSSH sources had an "RSA in six lines of perl" in a comment of one of the source files. Theo removed that in some version. A little too much angst there, if you ask me - this stuff is supposed to be fun.
Re:Let's just hope... (Score:1)