SSH key encryption when using FDE

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

SSH key encryption when using FDE

Hugo Osvaldo Barrera-2
Hi,

I've always used password-protected ssh keys, with ssh-agent, and in
recent year, I've been using full disk encryption as well.
I'm wondering if there's some redundancy here, and if using FDE
nullifies the need for password-protecting the keys, or if there's some
attack vector I'm no considering.

Keep in mind that I using ssh-agent, and unlock the keys usually as a
first action after startup (I guess *not* using ssh-agent completely
changes the scenario).

Thanks,

--
Hugo Osvaldo Barrera

Reply | Threaded
Open this post in threaded view
|

Re: SSH key encryption when using FDE

Remi Locherer
On Mon, Aug 01, 2016 at 07:10:21PM -0300, Hugo Osvaldo Barrera wrote:

> Hi,
>
> I've always used password-protected ssh keys, with ssh-agent, and in
> recent year, I've been using full disk encryption as well.
> I'm wondering if there's some redundancy here, and if using FDE
> nullifies the need for password-protecting the keys, or if there's some
> attack vector I'm no considering.
>
> Keep in mind that I using ssh-agent, and unlock the keys usually as a
> first action after startup (I guess *not* using ssh-agent completely
> changes the scenario).

I still makes sense to encrypt your ssh keys. Think of a bug in a browser
that allows a server reading your files.

Remi

Reply | Threaded
Open this post in threaded view
|

Re: SSH key encryption when using FDE

Nick Holland
On 08/02/16 01:48, Remi Locherer wrote:

> On Mon, Aug 01, 2016 at 07:10:21PM -0300, Hugo Osvaldo Barrera wrote:
>> Hi,
>>
>> I've always used password-protected ssh keys, with ssh-agent, and in
>> recent year, I've been using full disk encryption as well.
>> I'm wondering if there's some redundancy here, and if using FDE
>> nullifies the need for password-protecting the keys, or if there's some
>> attack vector I'm no considering.
>>
>> Keep in mind that I using ssh-agent, and unlock the keys usually as a
>> first action after startup (I guess *not* using ssh-agent completely
>> changes the scenario).
>
> I still makes sense to encrypt your ssh keys. Think of a bug in a browser
> that allows a server reading your files.

right.

Disk Encryption protects your key and other data when your computer is
OFF.  And only when it is off.  When your computer is active and the
file systems available, any attacker that manages to get into your
system through any means can see whatever they have access to.  If they
grab your no-passphrase key, they now have your key.  If they grab your
passphrased key...they got a jumble of funny characters.

Nick.

Reply | Threaded
Open this post in threaded view
|

Re: SSH key encryption when using FDE

Hugo Osvaldo Barrera-2
On Tue, Aug 2, 2016, at 22:01, Nick Holland wrote:

> On 08/02/16 01:48, Remi Locherer wrote:
> > On Mon, Aug 01, 2016 at 07:10:21PM -0300, Hugo Osvaldo Barrera
> > wrote:
> >> Hi,
> >>
> >> I've always used password-protected ssh keys, with ssh-agent,
> >> and in
> >> recent year, I've been using full disk encryption as well.
> >> I'm wondering if there's some redundancy here, and if using FDE
> >> nullifies the need for password-protecting the keys, or if
> >> there's some
> >> attack vector I'm no considering.
> >>
> >> Keep in mind that I using ssh-agent, and unlock the keys
> >> usually as a
> >> first action after startup (I guess *not* using ssh-agent
> >> completely
> >> changes the scenario).
> >
> > I still makes sense to encrypt your ssh keys. Think of a bug in a
> > browser
> > that allows a server reading your files.
>
> right.
>
> Disk Encryption protects your key and other data when your computer is
> OFF.  And only when it is off.  When your computer is active and the
> file systems available, any attacker that manages to get into your
> system through any means can see whatever they have access to.  If
> they
> grab your no-passphrase key, they now have your key.  If they
> grab your
> passphrased key...they got a jumble of funny characters.
>
> Nick.
>

Doesn't the fact that ssh-agent is running somehow make the keys
accessible anyway? Or am I making misassumptions on how it works?

--
Hugo Osvaldo Barrera

Reply | Threaded
Open this post in threaded view
|

Re: SSH key encryption when using FDE

Nick Holland
On 08/02/16 21:02, Hugo Osvaldo Barrera wrote:
> On Tue, Aug 2, 2016, at 22:01, Nick Holland wrote:
>> On 08/02/16 01:48, Remi Locherer wrote:
...

>> > I still makes sense to encrypt your ssh keys. Think of a bug in a
>> > browser
>> > that allows a server reading your files.
>>
>> right.
>>
>> Disk Encryption protects your key and other data when your computer is
>> OFF.  And only when it is off.  When your computer is active and the
>> file systems available, any attacker that manages to get into your
>> system through any means can see whatever they have access to.  If
>> they
>> grab your no-passphrase key, they now have your key.  If they
>> grab your
>> passphrased key...they got a jumble of funny characters.
>>
>> Nick.
>>
>
> Doesn't the fact that ssh-agent is running somehow make the keys
> accessible anyway? Or am I making misassumptions on how it works?

ssh-agent provides a way to USE keys, not expose keys.  Remember, this
is public key cryptography, which has some nifty abilities to avoid
exposing private keys while still using them.

A key without a passphrase is protected by nothing other than file
permissions.  Anything /you/ run or runs as you has the ability to read
your private key.  ANYTHING.  Your browser.  Your mail client.  That
obfuscated code block your friend just showed you.  Your backup system.
Everyone else with doas access on your system.

From the man page:

 "The agent will never send a private key over its request channel.
  Instead, operations that require a private key will be performed by
  the agent, and the result will be returned to the requester.  This
  way, private keys are not exposed to clients using the agent."

so ... there's no way to query the agent and get a passphrase-free
private key.  Instead, things wishing to use the agent pose a query
(based on the public key) that can only be answered by something holding
the private key.

Now, I suspect (nb: I am not a cryptographer or SSH coder. But I sat at
a table with one once, and was completely in awe) the key has to be held
in unlocked form in RAM, so perhaps a very serious breach that allowed
the raw access of system RAM might produce it...but would also produce a
lot of other nifty things, and by that point, your system is so
completely compromised, not much is trustworthy anymore.

Nick.

Reply | Threaded
Open this post in threaded view
|

Re: SSH key encryption when using FDE

Stuart Henderson
In reply to this post by Hugo Osvaldo Barrera-2
On 2016-08-03, Hugo Osvaldo Barrera <[hidden email]> wrote:
> Doesn't the fact that ssh-agent is running somehow make the keys
> accessible anyway?

If it's running and you haven't told it to forget the keys one
way or another: yes.

Some screen lockers allow you to run another program;
one thing you can do is run "ssh-add -D" to kill the keys when
you lock. Alternatively when you start ssh-agent you can use
the -t flag to set the lifetime of the key; if you do this
ssh-agent will expire added keys automatically after this
timeout. (for the latter if you use xdm you'll need to edit
Xsession).

By itself this can be annoying as you normally have to run
ssh-add to add the keys back in before you can use them. But
if you use "AddKeysToAgent yes", ssh will prompt you for the
key passphrase when it needs it (i.e. after the lock/timeout)
and add them to the agent automatically. So it works rather
like sudo's password timeout - very convenient, and it avoids
the keys hanging around in your agent for longer than needed.

Reply | Threaded
Open this post in threaded view
|

Re: SSH key encryption when using FDE

Rubén Llorente
In reply to this post by Nick Holland
Nick Holland <[hidden email]> wrote:
> Now, I suspect (nb: I am not a cryptographer or SSH coder. But I sat at
> a table with one once, and was completely in awe) the key has to be held
> in unlocked form in RAM, so perhaps a very serious breach that allowed
> the raw access of system RAM might produce it...but would also produce a
> lot of other nifty things, and by that point, your system is so
> completely compromised, not much is trustworthy anymore.
>
> Nick.

I have actually seen step by step instructions for doing just that, but I
don't have the link around. You essentially need root permissions for
pulling that off.

Ssh-agent prevents an intruder from stealing the key material in any
useful form, but it does not prevent him from using the material that is
already kept by the agent - if he is able to send a query to your agent,
he will be able to use the keys even if he does not get to see them.

I encrypt my key materials even when I am using PFDE, I just don't think
the agent is something it is not.

--
OpenPGP Key Fingerprint:
BB5A C2A2 2CAD ACB7 D50D  C081 1DB9 6FC4 5AB7 92FA

Reply | Threaded
Open this post in threaded view
|

Re: SSH key encryption when using FDE

Predrag Punosevac-2
In reply to this post by Hugo Osvaldo Barrera-2
Stuart Henderson wrote:

> On 2016-08-03, Hugo Osvaldo Barrera <[hidden email]> wrote:
> > Doesn't the fact that ssh-agent is running somehow make the keys
> > accessible anyway?
>
> If it's running and you haven't told it to forget the keys one
> way or another: yes.
>
> Some screen lockers allow you to run another program;
> one thing you can do is run "ssh-add -D" to kill the keys when
> you lock. Alternatively when you start ssh-agent you can use
> the -t flag to set the lifetime of the key; if you do this
> ssh-agent will expire added keys automatically after this
> timeout. (for the latter if you use xdm you'll need to edit
> Xsession).
>
> By itself this can be annoying as you normally have to run
> ssh-add to add the keys back in before you can use them. But
> if you use "AddKeysToAgent yes", ssh will prompt you for the
> key passphrase when it needs it (i.e. after the lock/timeout)
> and add them to the agent automatically. So it works rather
> like sudo's password timeout - very convenient, and it avoids
> the keys hanging around in your agent for longer than needed.

That is a damn good advice!

Predrag